ABSTRACT

A computer program product comprising: a computer useable medium having computer readable program code means embodied therein for encrypting and decrypting information transferred over a network between a client application program running in a client computer and a server application program running in a server computer, the computer readable program code means in the computer program product comprising: computer readable program code means for providing a socket application program interface to an application layer program; computer readable program code means for providing encrypted information to transport protocol layer services; computer readable program code means for encrypting information received from an application layer program; and computer readable program code means for decrypting information received from transport protocol layer services.

3 Claims, 10 Drawing Sheets 
[FIG. 3 drawing text. Document 10: "The World Wide Web utilizes the client-server model to provide a distributed hypermedia interface to the wide variety of information sources available on the Internet ..." Document 12: "The concept of the client-server model is a very simple one used extensively by the Internet ..." Document 14: "The Internet grew out of work funded in the 1960's by the U.S. Defense Department's Advanced Research Projects Agency (ARPA) which ..."]
SECURE SOCKET LAYER APPLICATION PROGRAM APPARATUS AND METHOD

BACKGROUND OF THE INVENTION

1. Field of the Invention

The invention relates generally to computer networks, and more particularly to securing private communications between networked computers.

2. Description of the Related Art

There is an increasing need for security in communications over public and private networks. The expanding popularity of the Internet, and especially the World Wide Web, have lured many more people and businesses into the realm of network communications. There has been a concomitant rapid growth in the transmission of confidential information over these networks. As a consequence, there is a critical need for improved approaches to ensuring the confidentiality of private information.

Network security is a burgeoning field. There are well known encryption algorithms, authentication techniques and integrity checking mechanisms which serve as the foundation for today's secure communications. For example, public key encryption techniques using RSA and Diffie-Hellman are widely used. Well known public key encryption techniques are generally described in the following U.S. Patents: U.S. Pat. No. 4,200,770 entitled Cryptographic Apparatus and Method, invented by Hellman, Diffie and Merkle; U.S. Pat. No. 4,218,582 entitled Public Key Cryptographic Apparatus and Method, invented by Hellman and Merkle; U.S. Pat. No. 4,405,829 entitled Cryptographic Communications System and Method, invented by Rivest, Shamir and Adleman; and U.S. Pat. No. 4,424,414 entitled Exponentiation Cryptographic Apparatus and Method, invented by Hellman and Pohlig. For a general discussion of network security, refer to [reference illegible in source].

In spite of the great strides that have been made in network security, there still is a need for further improvement. For example, with the proliferation of heterogeneous network environments in which different host computers use different operating system platforms, there is an increasing need for a security mechanism that is platform independent. Moreover, with the increasing sophistication and variety of application programs that seek access to a wide range of information over networks, there is an increasing need for a security mechanism that can work with many different types of applications that request a wide variety of different types of information from a wide variety of different types of server applications. Furthermore, as security becomes more important and the volume of confidential network transactions expands, it becomes increasingly important to ensure that security can be achieved efficiently, with minimal time and effort. The present invention meets these needs.

In one aspect, the invention provides a sockets application program interface bound to a security protocol which is layered between an application layer and transport layer. The socket interface is widely used in network environments. This facilitates integration of the invention into a wide range of host machines connected to a network. Placing the security protocol between the application layer and the transport layer enables many different types of application programs to employ the new security with only slight modification. Moreover, the security protocol can communicate with many different operating system platforms without requiring operating system changes.

In another aspect, the invention provides a more efficient handshake protocol and session key generation scheme. When a client and server application first establish a secure sockets connection, in accordance with the invention, they engage in a handshake protocol in which they negotiate security procedures, produce a master key and generate session keys used to encrypt and decrypt information transferred through the sockets connection. If there are multiple connections between the client and server applications during a prescribed time interval, then the handshake protocol may elect to re-use a previously negotiated master key, thereby obviating the need to generate a new master key, and saving time in establishing a secure connection.

These and other features and advantages of the invention will become more apparent from the following description of exemplary embodiments thereof, as illustrated in the accompanying drawings.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a pictorial diagram of a computer network;

FIG. 2 is an illustrative drawing of a computer of the network of FIG. 1;

FIG. 3 is an illustrative diagram of an electronic document with hyperlinks;

FIG. 4 illustrates client/server message flow, in accordance with a present embodiment of the invention, using the RSA protocol where no session-identifier is found;

FIG. 5 shows client/server message flow, in accordance with a present embodiment of the invention, using the RSA protocol where there is a shared session-identifier;

FIG. 6 shows client/server message flow, in accordance with a present embodiment of the invention, using the RSA protocol where there is a session-identification match and client authentication is requested;

FIG. 7 shows client/server message flow, in accordance with a present embodiment of the invention, using a Diffie-Hellman key exchange where there is shared session-identification;

FIG. 8 shows a generalized representation of a typical Internet protocol stack which resides in each host machine (client and server) and a typical subnet protocol stack;

FIG. 9 is an illustrative view of client side and server side application layer and transport layer programs and protocol structures in accordance with a present embodiment of the invention;

FIG. 10 is an illustrative view of client and server side application layer and transport layer programs and protocol structures which employ the Winsock DLL in conjunction with the SSL library in accordance with an alternative embodiment of the invention;

FIG. 11 is an illustrative view of client and server side application layer and transport layer programs and protocol structures which employ a variation of the Winsock DLL in conjunction with the SSL library in accordance with another alternative embodiment of the invention; and

FIG. 12a, 12b and 12c are an illustrative flow diagram showing an example of the process involved in secure client-server communication in accordance with a present embodiment of the invention.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT

The present invention comprises a novel process and related computer program embodied in a computer useable medium for ensuring private communications between application programs running on different computers. The following description is presented to enable any person skilled in the art to make and use the invention. Descriptions of specific applications are provided only as examples. Various modifications to the preferred embodiment will be readily apparent to those skilled in the art, and the general principles defined herein may be applied to other embodiments and applications without departing from the spirit and scope of the invention. Thus, the present invention is not intended to be limited to the embodiment shown, but is to be accorded the widest scope consistent with the principles and features disclosed herein.

A. The Client-Server Model

This section provides a general description of exemplary host computers (client and server) and the network environment in which they operate.

FIG. 1 is an illustrative pictorial diagram of a typical well known computer network 100 such as the Internet, for example. The computer network 100 includes small computers, such as computers 102, 104, 106, 108, 110 and 112 and large computers, such as computers A and B, commonly used as servers. In general, small computers may be "personal computers" or workstations and are sites where a human user operates the computer to make requests for data or services from other computers on the network. Often, the requested data resides in the large computers referred to as servers. In this scenario, the small computers are client systems and the large computers are servers. In this specification, the term "client" refers to a computer's general role as a requester of data or services, and the term "server" refers to a computer's role as a provider of data or services. In general, the size of a computer, in terms of its storage capacity and processing capability, does not necessarily affect its ability to act as a client or server. Further, it is possible that a computer may request data or services in one transaction and provide data or services in another transaction, thus changing its role from client to server or vice versa.

The illustrative drawing of FIG. 2 shows an exemplary well known client computer system 140. It includes a display device 142 (such as a monitor), a display screen 144, a cabinet 146 (which encloses typical computer components such as a CPU, RAM, ROM, video card, hard drive, network adapter card, serial ports, etc.), a keyboard 148, a mouse 150 and perhaps a modem 152. The modem, for example, allows the client computer system to be connected to an Internet network via phone lines, for example.

B. HTML Documents and HTTP

This section describes the use of identification tags to designate hyperlinks using HTML documents and HTTP as an example. As explained in the specification, however, the present invention applies to other types of documents as well, such as Adobe PDF, voice documents and motion picture and still picture documents.

In order to make the transfer of data from one arbitrary computer to another possible, uniform protocols have been developed. An early attempt at creating a uniform protocol for data transfers over the Internet is File Transfer Protocol (FTP). More recent protocols include Gopher developed at the University of Minnesota and the World Wide Web project which defined the HyperText Transfer Protocol (HTTP). HTTP has been defined by an Internet Draft dated Nov. 5, 1993 and subsequent drafts.

By providing uniform protocols so that clients may request objects and servers may deliver objects to clients, computers on the Internet are able to easily transfer different types of information such as text and images. By using the HyperText concept an efficient user interface is provided to a human user that allows the user to discover what information is available and to request the information.

An illustration of the HyperText concept is shown in FIG. 3. In FIG. 3, a portion of document 10 is shown. This is symbolic of text which would appear, for example, on a computer display screen as viewed by a user. Text portion 10 includes simple text and HyperText, the latter being text associated with a link. In text portion 10 there are two HyperText phrases associated with links. The first one is "client-server model" while the second is "Internet". The fact that these phrases are associated with links is indicated by the underlining of the text phrases. The phrase "client-server model" is linked to text document 12 by means of link 16. Text document 12 is a separate document from text document 10. Text document 12 may reside in the same computer system as document 10 or at a remote location such as a storage device connected to a server that is geographically removed from the computer system that a user is operating to view document 10.

In practice, links such as 16 can be implemented in a document, such as document 10, by using a special text format with embedded tags or other symbols within the text. The embedded tags are not displayed to a user reading the text. One such format is the HyperText Markup Language (HTML) and the Uniform Resource Locator (URL) form of addressing for objects on the network. Objects may be text documents, images, sounds, programs or other forms of digital data. In FIG. 3, documents 12 and 14 are the objects pointed to by HyperText links. A HyperText link can be specified in a number of ways with HTML's. The use of URLs is merely a currently popular standard way to specify links.

Once specified, link 16 allows a user who is viewing document 10 to access document 12. The user is provided with a simple and obvious indication that the phrase "client-server model" is a HyperText link to another document by the underlining. Since the phrase is one that is [text illegible in source] the subject of the HyperText phrase. For example, in FIG. 3 the HyperText phrase "client-server model" links to document 12, which contains a description of a client-server model.

A common way for the user to access document 12 while viewing document 10 on a display screen of a computer system is to move a pointer on the display screen by means of an input device, such as a mouse, so that the pointer is over the phrase "client-server model". The user then depresses the mouse button to "click on" the phrase. This causes the user's computer system to retrieve document 12 either from local storage or from a remote location connected to the user's computer via a network such as the Internet. Once document 12 is retrieved, the user's computer system displays the document, or a portion of the document, on the user's display screen.
Similarly, the second phrase in document 10, "Internet . . .", allows the user to access document 14 by link 20. In other words, if the user clicks on the HyperText phrase "Internet" document 14, or a portion of document 14, is displayed on the user's screen. HyperText documents can have nested linking. Document 12 is the target of a HyperText link and may, itself, have HyperText links within it as shown in FIG. 3 where link 18 is associated with HyperText "Internet" in document 12. Note that the same word or phrase may function as a link in different documents and different documents may link to a common document. Many variations on HyperText linking from that shown in FIG. 3 are possible.

C. Overview of Sockets API and Secure Sockets Layer (SSL) Interface

A current embodiment of the invention provides a security protocol layered beneath an application protocol used by an application program to communicate over a network. The security protocol is implemented through a "Secure Sockets Layer" library (the SSL library) which is bound to the application program. The SSL library modules emulate the widely known "sockets" application program interface (API). The sockets API is supported by most major operating systems including UNIX and Microsoft Windows. For a general discussion of the sockets interface, refer to Internetworking with TCP/IP, volume 1, by Douglas E. Comer, Prentice-Hall, Inc. 1995, pages 335-364.

The SSL library establishes a sockets connection with an application running on a remote computer and then performs a security handshake. Once the security handshake is complete, the SSL library then encrypts and decrypts all data sent to and received from a remote host computer through the socket connection. The SSL library is used with a reliable transport protocol. For the UNIX and Windows environments, this is commonly provided by TCP/IP. The SSL library can be used with XNS, Novell SPX/IPX and the OSI protocols as well.

The sockets API typically serves as an interface used by applications to communicate with the TCP/IP protocol stack. Generally, the client and server programs each invoke operating system functions that set up an association between them referred to as a sockets connection. The client and server applications then invoke operating system functions to send and receive information between them over a network, such as the Internet, in a similar manner to calling functions to perform ordinary input/output. The information, for example, may include graphics, data, instructions and even computer programs. The sockets connection between the two programs uses data structures which allow access to TCP/IP services. The sockets API ordinarily provides a series of system calls that application programs can invoke to request sockets connection communication services.

More specifically, the typical approach to using sockets is that a server application creates an open socket ready to accept connections at a given IP address and (well known) port. Once such a socket has been created, buffer space can be allocated to store incoming connection requests. The server socket ordinarily behaves as a passive endpoint waiting for a connection request to arrive from a client. In order for a client to send a connection request to a passive socket, the socket must have a name. Therefore, names are bound to sockets and are published so that a remote client can address the named socket. To initiate a connection to a remote socket a client application ordinarily requests a connection and specifies a local (client) socket and a remote name as parameters. Multiple clients can use a single server socket. Client requests can be queued in a buffer associated with the server socket. Typically when a request is accepted from the queue, a new socket is created and the new socket is used as the server side connection endpoint with a client. In this manner, a single well known port number can be used to establish many simultaneous socket connections. A shutdown (or close) request usually is employed to terminate a socket connection.

Thus, in a present embodiment of the invention, an application layer program makes sockets calls to its SSL library which sets up a sockets connection and also ensures security during data transmission over the network. There are important advantages in binding a connection interface (sockets API) plus a security protocol (described below) in a layer between an application program layer and a transport layer in accordance with the invention. For example, since the sockets API is so widely used by application programs and operating systems, the SSL's sockets API can be adapted for use in a broad range of network environments. Moreover, since the SSL library of the presently preferred embodiment of the invention is disposed between the application program layer and the transport layer, security can be provided to multiple different types of applications without significant modification to the applications themselves. Furthermore, changes in security requirements or procedures often can be more readily implemented by changing security protocols disposed above the transport layer, which is typically implemented as part of the operating system, than by changing the operating system itself. The SSL library is layered between the application layer program and the operating system transport control protocol stack. As a result, SSL security can be modified and upgraded without changes to the operating system.

D. SSL Library's Security: Key Exchange, Authentication and Integrity Checks

This section explains the approach whereby a client application and a server application ensure adequate security during an information exchange between them. Subsequent sections explain the details of a novel "Record Protocol Specification" used during SSL communications between client and server and the details of a novel "Handshake Protocol" used to establish a secure "sockets" layer (SSL) communication channel between client and server.

The disclosure in this section references public key algorithms, bulk ciphers, authentication processes and integrity checks in general. It will be appreciated that the principles discussed in this section can be applied to numerous different specific instances of each of these security and integrity check mechanisms. The section below describing the handshake protocol provides many examples of different combinations of public key algorithms, bulk ciphers, authentication processes and integrity checks that can be employed consistent with the invention.

RSA Key Exchange Assuming No "Session-Identifier"

Referring to FIG. 4, there is shown the message flow during handshake protocol negotiation where RSA key exchange is employed and no "session-identifier" is stored in server cache. Note that at the stage at which the message exchange in FIG. 4 begins, the client and server already have established a "sockets" connection between them, and the server has determined that the connection is to be a secure connection that employs the novel SSL processes and program control mechanisms described herein. As explained above, the sockets API is well known. Moreover, in accordance with the invention, the sockets connection is initiated
by a client application SSL_open call to its SSL library which is bound to the client application. The data transferred between client and server can be encrypted/decrypted as it is channeled through the socket. But first, before any data is transferred, the client and the server must negotiate an encryption technique for the data transfer, authenticate the connected parties (server and possibly client too), and check the integrity of the agreed upon secure connection. This negotiation is carried out in response to the SSL_open call through the message flow of FIG. 4, which takes place using the sockets connection previously set up as part of that same SSL_open call.

The client sends to the server, through the sockets connection, a client-hello message which includes the following information: challenge data and cipher_specs. In the current implementation of the invention, the challenge data is a random number used to ensure channel integrity as explained below. The cipher_specs indicate which bulk ciphers are supported by the client.

The server responds to the client-hello message with a server-hello message which includes the following information: connection_identification, server_certificate and cipher_specs. The connection_identification is a randomly generated set of bits. The server_certificate is issued to the server through well known techniques and is used to certify the authenticity of the server. The cipher_specs sent by the server to the client indicate the bulk cipher to be used during the data transfer. The bulk cipher is selected by the server from the choices provided by the client in the cipher_specs portion of the client-hello message. Since it is possible that there may be multiple different ciphers supported by the client and by the server, it is necessary for the client and server to "negotiate" which cipher to use based upon the available client and server ciphers. Upon receiving the client-hello message, the server determines which server ciphers match the available client ciphers identified in the client cipher_specs portion of the client-hello message. The server selects a cipher to be used to encrypt/decrypt the data to be transmitted and indicates its choice in the cipher_specs portion of the server-hello message.

The client delivers a master key to the server in a client-master-key message. The master key, for example, can be a randomly generated number. The master key is used by the client and the server to produce session keys which will be employed to actually encrypt/decrypt the data to be transferred through the sockets connection. The master key is a shared secret between the client and the server. The master key is delivered by the client to the server in encrypted form using a key exchange encryption algorithm. In FIG. 4, an RSA public key algorithm is employed for key exchange.

Once the master key has been delivered to the server, the server and the client both can independently generate the session keys used to actually encrypt/decrypt data transferred following successful completion of the handshake protocol. The session keys are produced using well known techniques such as through hash functions referenced in the sections below or some other function of the master key and another data value. A more detailed explanation of the session key production techniques used in the presently preferred embodiment of the invention is provided below in the handshake protocol section. It should be understood that, while public key encryption techniques are used for master key exchange, the actual encryption/decryption of data transferred between client and server through the socket is achieved using a well known bulk cipher, such as RC2, RC4 or IDEA, negotiated through the respective cipher_specs components of the information exchanged in the client-hello and server-hello messages. The selected bulk cipher uses the session keys to encipher/decipher data and messages transferred through the socket connection.

The client sends a client-finished message which indicates that the client is satisfied with the server. In a present embodiment of the invention, the client-finish message includes a hash of all of the handshake protocol messages previously sent by the client. The hash is encrypted using the agreed upon bulk cipher plus a session key generated by the client, referred to in FIG. 4 as the client-write-key. Note that the hash function also is negotiated as part of the cipher_specs. In addition, the connection-identification previously sent to the client by the server is transmitted to the server with the client-finish message to authenticate the channel. The server uses the client messages handshake hash to verify the integrity of the communication between client and server. This final integrity check will expose third party intervention even if it occurred at the beginning of the handshake protocol.

The server sends a server-finished message which indicates that the server is satisfied with the client and is ready to begin the actual data transfer through the socket connection. In a present embodiment of the invention, the server-finish message includes a hash of all of the handshake protocol messages previously sent by the server. The hash is encrypted using the agreed upon bulk cipher plus a session key generated by the server, referred to in FIG. 4 as the server_write_key. The hash function also is negotiated as part of the cipher_specs. The server uses the server messages handshake hash to verify the integrity of the communication between client and server as explained above.

In addition, a new_session_identification is sent together with the handshake hash encrypted using the bulk cipher and the server_write_key. This new_session_identification is stored by both the client application and the server application in their respective cache memories together with the master key and the encryption algorithm selection (cipher plus hash) so that, as explained below, the master key can be used again in a future socket connection between the client and the server. Note that if a client machine, for example, is running multiple instantiations of the application program then each instantiation will have its own session-identification.

In a present embodiment, the session_identifications are stored by client application and server application in a table like the following:

    session_identification table

    session_ID    machine IP address    master key    encryption algorithm    timer

The server-finish message also includes the challenge data sent by the client to the server in the client-hello message. The challenge data is encrypted by the selected bulk cipher using the server_write_key. The client decrypts the challenge data in order to verify that the key exchange has been successful by testing the ability to encrypt and decrypt the mutually known challenge data using the newly generated session keys.
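The FIG. 4 message flow and the session-identification cache described above, as an added Python simulation that is not part of the patent: it drives both sides of the handshake (client-hello, server-hello, client-master-key, client-finished, server-finished), then lets a second connection re-use the cached master key and a stale cache entry force a full handshake. The RSA key transport (tiny hard-coded primes), the SHA-256 key derivation and keystream "bulk cipher", the message serialization and the 100-second retention interval are all stand-ins assumed for this example.

```python
import hashlib
import os
import time

def toy_rsa_keypair():
    """Textbook RSA with tiny hard-coded primes; stand-in for the server's real key pair."""
    p, q, e = 61, 53, 17
    n, phi = p * q, (p - 1) * (q - 1)
    return (e, n), (pow(e, -1, phi), n)            # (public key, private key)

def rsa_apply(key, values):
    exp, n = key                                   # one byte per block (toy modulus)
    return [pow(v, exp, n) for v in values]

def write_keys(master_key, challenge, conn_id):
    """Assumed derivation of the two session keys: hash of master key plus both nonces."""
    return tuple(hashlib.sha256(master_key + label + challenge + conn_id).digest()
                 for label in (b"client-write", b"server-write"))

def bulk_cipher(key, data):
    """Stand-in for the negotiated bulk cipher: XOR with a SHA-256 counter keystream."""
    blocks = (hashlib.sha256(key + i.to_bytes(4, "big")).digest() for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, b"".join(blocks)))

def serialize(msg):
    return repr(sorted(msg.items())).encode()      # canonical bytes of one message
def handshake_hash(msgs):
    return hashlib.sha256(b"|".join(msgs)).digest()

class Client:
    def __init__(self, cipher_specs):
        self.cipher_specs, self.cache, self.session_id = cipher_specs, {}, None
    def client_hello(self):
        self.challenge = os.urandom(16)             # challenge data (random)
        msg = {"challenge": self.challenge, "cipher_specs": self.cipher_specs,
               "session_id": self.session_id}       # None on a first connection
        self.sent, self.rcvd = [serialize(msg)], []
        return msg
    def client_master_key(self, server_hello):
        self.rcvd.append(serialize(server_hello))
        self.conn_id, self.cipher = server_hello["connection_id"], server_hello["cipher_specs"]
        if server_hello["session_id_hit"]:          # FIG. 5 case: cached master key re-used
            self.master_key = self.cache[self.session_id]
            return None
        self.master_key = os.urandom(16)            # FIG. 4 case: fresh key, RSA-wrapped
        msg = {"master_key": rsa_apply(server_hello["server_certificate"], self.master_key)}
        self.sent.append(serialize(msg))
        return msg
    def client_finished(self):
        cw, _ = write_keys(self.master_key, self.challenge, self.conn_id)
        return {"enc": bulk_cipher(cw, handshake_hash(self.sent) + self.conn_id)}
    def verify_server_finished(self, server_finished):
        _, sw = write_keys(self.master_key, self.challenge, self.conn_id)
        body = bulk_cipher(sw, server_finished["enc"])
        hsh, new_id, challenge = body[:32], body[32:48], body[48:]
        if hsh != handshake_hash(self.rcvd) or challenge != self.challenge:
            raise ValueError("server-finished integrity or challenge check failed")
        self.cache.pop(self.session_id, None)       # new id supplants the matched one
        self.cache[new_id], self.session_id = self.master_key, new_id
        return new_id

class Server:
    def __init__(self, cipher_specs, cache_ttl=100.0):   # retention interval, assumed
        self.pub, self.priv = toy_rsa_keypair()
        self.cipher_specs, self.cache, self.ttl = cipher_specs, {}, cache_ttl
    def server_hello(self, client_hello):
        self.rcvd, self.challenge = [serialize(client_hello)], client_hello["challenge"]
        self.conn_id = os.urandom(16)               # connection_identification
        hit = self.cache.pop(client_hello["session_id"], None)
        if hit and hit[2] > time.time():
            self.master_key, self.cipher = hit[0], hit[1]
        else:                                       # unknown or expired session id
            hit = None
            common = [c for c in self.cipher_specs if c in client_hello["cipher_specs"]]
            if not common:
                raise ValueError("no bulk cipher common to client and server")
            self.cipher = common[0]
        msg = {"connection_id": self.conn_id, "server_certificate": self.pub,
               "cipher_specs": self.cipher, "session_id_hit": hit is not None}
        self.sent = [serialize(msg)]
        return msg
    def receive_master_key(self, client_master_key):
        if client_master_key is not None:           # absent when the session id hit
            self.rcvd.append(serialize(client_master_key))
            self.master_key = bytes(rsa_apply(self.priv, client_master_key["master_key"]))
    def verify_client_finished(self, client_finished):
        cw, _ = write_keys(self.master_key, self.challenge, self.conn_id)
        body = bulk_cipher(cw, client_finished["enc"])
        if body[:32] != handshake_hash(self.rcvd) or body[32:] != self.conn_id:
            raise ValueError("client-finished integrity or channel check failed")
    def server_finished(self):
        _, sw = write_keys(self.master_key, self.challenge, self.conn_id)
        new_id = os.urandom(16)
        self.cache[new_id] = (self.master_key, self.cipher, time.time() + self.ttl)
        return {"enc": bulk_cipher(sw, handshake_hash(self.sent) + new_id + self.challenge)}

def run_handshake(client, server):
    # Drive one handshake; returns (new session id, whether the master key was re-used).
    server_hello = server.server_hello(client.client_hello())
    cmk = client.client_master_key(server_hello)
    server.receive_master_key(cmk)
    server.verify_client_finished(client.client_finished())
    return client.verify_server_finished(server.server_finished()), cmk is None
```

A tampered client-finished or a changed challenge makes the receiving side raise, which is the integrity check the text describes; a session id older than the retention interval falls back to a full key exchange.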

RSA Key Exchange Assuming a Session-Identifier Found By Client and Server

Referring to FIG. 5, there is shown a sequence of messages transferred through the socket connection when the client and server negotiate the handshake protocol at a time when each stores a common session_identification in its
respective cache memory. The session_identification for a given handshake protocol is stored for a period of time together with the information generated during the handshake. That stored information includes the previously agreed upon block cipher and hash function as well as the earlier master key. A given session_identification together with its related information is retained in cache memory in the client and in the server for a prescribed period of time, 100 seconds in a current implementation. During that time interval, if the client application again attempts to access the server through a new SSL library connection then the new connection can use the same block cipher, hash function and master key that were negotiated during the prior handshake protocol.

The stored session_identification information advantageously saves time in establishing secure sockets connections without unreasonably compromising security. The generation of session keys is a relatively time consuming task since it involves the exchange of a master key using a relatively slow public key algorithm. By using the previously derived session_identification information, the master key and encryption algorithm (a block cipher plus a hash function in the preferred embodiment), the most time consuming handshake steps can be avoided. This approach is particularly beneficial, for example, in applications such as client-server data transfers involving a client application establishing a secure sockets connection with a secure server over the Internet. A client application, such as a web browser constructed in accordance with the present invention for example, may set up a connection to a remote server in order to retrieve information requested by a client user. For instance, an electronic document containing hyperlinks may be displayed by the client browser application.

[...] negotiated, provided that there is no time gap between any two requests that exceeds the prescribed time interval.

Referring to FIG. 5, in step_ the client-hello message sends a session_identification which identifies previously stored security information (master key, block cipher, hash function) together with challenge data and cipher_specs. The server-hello message sends a connection_identification together with a session_identification hit indication. Since a hit is indicated, the session_identification sent by the client matched a session_identification stored in the server cache. This means that there was a prior connection between the client application and the server application, and that the session_identification information negotiated and stored in conjunction with that prior connection still is available for use with this later connection. Therefore there is no need to negotiate cipher_specs or to generate a new master key or to generate new session keys. The remaining steps in FIG. 5 are identical to the corresponding steps in FIG. 4. Note that a new session identification is delivered in the server-finish message. This new session_identification supplants the prior session_identifications which matched.

RSA Key Exchange Assuming Session-Identification Match and Client Authentication

In FIG. 6 the first four messages, client-hello, server_hello, client-finish and server-verify are identical to the first four messages in FIG. 5. However, the server sends a request-certificate message which includes authentication_type and challenge data encrypted with the server_write_key (one of the earlier agreed upon master keys). The authentication-type specifies an encryption technique to be used to authenticate the client; several authentication techniques can be supported by a current embodiment of the invention as explained in a following section. The challenge
Whenever a user "clicks" on (or sdects) portion of the data is used in the authentication process. A client-certificate 
document associated with a hyperlink, another electronic 35 message is sent by tiie client to the server. The client- 
document or file or a graphic or some other remotdy stored certificate message includes certificate_type, client_ 
information that corresponds to the Unk is retrieved over the certificate and response_data, all of which are encrypted 
Internet from the server. Before the transfer can occur, using the dient_write_j£^ (one of the earlier agreed upon 
however, the handshake protocol is negotiated, and master key). Several certificate types, described bdow, are 
enccyption/decryption information is developed as described 40 supported by the current embodiment The certificate_type 
above. That information is stored with the session_ indicates which one has been enq)loycd. The clients 
identification for that connection. When Uiat new document certificate contains die data defined by the certificate__type 
(or other information) has been transferred to the client, the value. The response data contains authentication response 
SSL library causes the secure sockets connection used to data whidi is a function of the autfaentication_J:ype sent by 
accomplish the transfer of that next document to be dosed. 45 the server in the request-certificate message. The final step 
The session^dentification information (master key, block is the same as the final steps in FIGS. 4 and 5. 
dpher, hash function) is stored in cache by the client and Difiie-Hellman Key Exchange Assuming No Session- 
server applications for a prescribed time intervals. If within Identification 

that time a user of that same client browser application FIG. 7, illustrates a Dif&e-HeUman (DH) key exdiange in 

"clicks" on another hyperlink, then the client browser appli- so accordance with a current implementation of the present 

cation will set up another sockets connection with the server invention. Hie dient-hello and the server-hello messages, 

to satisfy this latest request Rather than go through the are the same as the coEresponding messages in FIG. 4. Also, 

entire time consuming handshake protocol, however, the the client-finish message and the server-finish message are 

client and server will use the previously generated and the same as cosxesponding messages in FIG. 4. In a present 

stored session_Jdentification information (master key, block 55 implenientation of a DH bey exdiange, a value and a 

dpher, hash function) to secure data transfer through the random numb^ are delivered by the client to the server in 

new socket set up by the SSL library to satisfy this latest a dient-dh-key message. The Y value is a public number 

request. whidi corresponds to a secret number which is the result of 

It will be appreciated that as each subsequent cMent an exponentiation process. The Y value and the random 

request is made to the secure server, a new session^ 60 number are used by both client and server to generate a new 

identification with a new interval timer is stored in the dient randomized k^. In a DH key exchange, both sides in the 

cache memory and in the server cache memory. Thus, die exdiange independently generate the same master key. The 

same block cipher, master key and hash functions can be client-session-key message delivers the session__fcey_l 

used for multiple secure sockets connections, even when the encrypted by a master_jQBy. The dient session-l^y message 

connections occur over a time interval which is extends 65 _also delivers the random number encrypted by the 

beyond the prescribed interval of the original connection for session_Jcey_l. This encrypted random number is impor- 

which the session_identification information was tant in haixiware impAementations of the DH exdiange. 
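As an added illustration (not code from the patent), the following Python models the session_identification caching just described: both hosts store each session_identification with its (master key, block cipher, hash function) and a fresh 100 second timer, every handshake's server-finish issues a new session_identification that supplants the matched one, and a request is resumed only when no gap between consecutive requests exceeds the interval. The function names, the cipher and hash labels and the random identifiers are constructed for the example.

```python
import os
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

SESSION_TTL = 100.0  # prescribed interval, in seconds, of the current implementation


@dataclass
class SessionInfo:
    """Security information kept with a session_identification (constructed sample values)."""
    master_key: bytes
    block_cipher: str
    hash_function: str


class SessionCache:
    """One host's cache memory: session_identification -> (info, expiry time)."""

    def __init__(self, ttl: float = SESSION_TTL) -> None:
        self.ttl = ttl
        self._entries: Dict[bytes, Tuple[SessionInfo, float]] = {}

    def store(self, session_id: bytes, info: SessionInfo, now: float) -> None:
        # Each store starts a new interval timer for this identification.
        self._entries[session_id] = (info, now + self.ttl)

    def lookup(self, session_id: bytes, now: float) -> Optional[SessionInfo]:
        entry = self._entries.get(session_id)
        if entry is None:
            return None
        info, expires = entry
        if now > expires:  # a gap exceeding the interval expires the entry
            del self._entries[session_id]
            return None
        return info


def negotiate_new_session() -> SessionInfo:
    """Hypothetical stand-in for the slow path: a fresh master key via public-key exchange."""
    return SessionInfo(os.urandom(24), "DES-CBC", "MD5")  # constructed labels


def handshake(client_cache: SessionCache, server_cache: SessionCache,
              offered_id: Optional[bytes], now: float) -> Tuple[SessionInfo, bytes, bool]:
    """One SSL_open handshake. Returns (info, new_session_id, resumed).

    The client-hello offers the identification the client holds (or None); the
    server-hello reports a hit only if the server cache still holds it."""
    info = server_cache.lookup(offered_id, now) if offered_id is not None else None
    resumed = info is not None
    if info is None:
        info = negotiate_new_session()  # cipher_specs, master key and session keys anew
    new_id = os.urandom(16)  # delivered in server-finish; supplants the matched one
    server_cache.store(new_id, info, now)
    client_cache.store(new_id, info, now)
    return info, new_id, resumed


def run_requests(times: List[float], ttl: float = SESSION_TTL) -> List[Tuple[bool, bytes]]:
    """Simulate one client opening a connection at each time (seconds).

    Returns, per request, whether it resumed and which master key secured it."""
    client_cache, server_cache = SessionCache(ttl), SessionCache(ttl)
    held_id: Optional[bytes] = None
    results: List[Tuple[bool, bytes]] = []
    for t in times:
        # The client offers its identification only while its own copy is unexpired.
        offered = held_id if held_id is not None and client_cache.lookup(held_id, t) is not None else None
        info, held_id, resumed = handshake(client_cache, server_cache, offered, t)
        results.append((resumed, info.master_key))
    return results
```

Requests at 0, 90, 180 and 270 seconds all reuse the first master key although 270 s is well past the original 100 second interval, because no single gap exceeds it; a 150 second gap forces a full renegotiation.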
E. SSL Library's Sockets API

Overview of Internet Architecture

Referring to FIG. 8, there is a generalized illustrative representation of a typical protocol stack which resides in each host machine (client and server) connected to the Internet. Also shown is the encapsulation and decapsulation of a typical program data unit (PDU) (or message) as it travels from one host to another through the Internet. The application layer security mechanisms and processes of the present invention ordinarily operate in an Internet environment, although the invention can be practiced in different network environments as well.

The typical Internet protocol stack includes five network "layers". Note that the Internet model lacks the presentation and session layers that are proposed in the International Standards Organization (ISO) Open Systems Interconnection (OSI) Reference Model. During client-server communications, information to be transferred from the server to the client, for example, is first transferred from server application layer computer programs down to the server transport layer. Next, the information is transferred down through network, data link and physical layers that may be associated with the server, and then up through physical, data link and network layers that may be associated with the client. Information transfer down and back up through these lower three layers may involve transfers through a communication subnet which may include routing devices as illustrated. The information then continues its trip up through the client transport layer to the client application layer. The transfer of information in the opposite direction, from client to server, involves a similar layer by layer transfer but in the opposite direction, starting with the client application layer and ending with the server application layer. Those skilled in the art will appreciate that there are various different protocols that can be used to implement the different protocol layers, and that many variations of the basic network model are possible. For a discussion of well known network architectures and the typical functions associated with the various layers within the architecture refer to Network Management Standards: SNMP, CMIP, TMN, MIBs, and Object Libraries, Second Edition, by Uyless Black, McGraw-Hill, Inc., 1994. Also see Computer Networks, Second Edition, by Andrew S. Tanenbaum, Prentice-Hall, Inc., 1989.

Focus on Application and Transport Layer Security

In FIG. 9, there is an illustrative drawing providing a more detailed view of client side and server side application layer and transport layer programs and protocol structures used during client-server network communications in accordance with a current embodiment of the invention. The client and server application layers each include SSL libraries which cooperate to provide an application program interface which encrypts and decrypts information passed between different client and server application programs through a transport layer socket connection. The client application layer, for example, may include any of numerous types of computer programs which rely upon client-server network connections. For example, the client application might be a network browser application used to provide user access to the World Wide Web. Alternatively, for instance, the client application might be employed for financial transactions involving credit card or home banking. It should be appreciated that these are but a few sample types of application programs that require security when involved in information transfer using a client-server network connection. The server application layer, for example, may include an HTTP server which provides information to a client browser application in response to a client request. In a present embodiment, the client application layer may include multiple application layer protocols used during transfers of information in connection with different categories of applications. For example, in a present embodiment of the invention, a client application may employ HTTP, network news transfer protocol (NNTP), file transfer protocol (FTP), and Telnet. Each different application protocol is used in communications involving different server applications. For example, NNTP is used to access certain news sources over the Internet; FTP can be used for file transfers over the Internet; and Telnet can be used for remote login over the Internet.

An SSL library provides a sockets API that other applications can call to encrypt and decrypt information passed through a socket connection. Moreover, in a current embodiment of the invention, both the client and the server include operating system services which implement respective client and server transport layer protocols that use socket type connections. These built in transport layer operating system services may be an integral part of the client and server operating systems. That is generally the case, for example, with the UNIX operating system.

Alternatively, for example, the present invention may be practiced in a host (client or server) environment in which transport layer socket connection services are implemented as part of an application layer dynamic link library (DLL), such as Winsock for instance, which runs on top of a Windows operating system. Winsock is a DLL which provides a socket application program interface, but it does not provide the socket layer security.

The illustrative drawing of FIG. 10 shows client and server side application layers and transport layers which employ the Winsock DLL in conjunction with the SSL library in accordance with an alternative embodiment of the present invention. In operation, for example, a client application calls Winsock to request a socket connection to a server application. Winsock, in turn, calls the SSL library and requests a connection to the server application. The SSL library then calls the operating system protocol stack and establishes the socket connection with the server side. The client side and server side SSL libraries negotiate security. Once a security scheme has been agreed upon, the client side SSL library returns a message to Winsock indicating that a socket connection is available. Winsock, in turn, returns a message to the calling client application indicating that a socket is ready. The client then can proceed to communicate with the server application through Winsock and the SSL library using the secure socket connection set up by the SSL library.

The illustrative drawing of FIG. 11 shows client and server side application layers and transport layers which employ a variation of the Winsock DLL in conjunction with the SSL library in accordance with another alternative embodiment of the present invention. Winsock has been modified to incorporate the SSL library functionality into a new DLL referred to herein as the Winsock/SSL_library. In operation, for example, a client application calls Winsock/SSL_library to request a socket connection to a server application. The Winsock/SSL_library, in turn, calls the operating system protocol stack and establishes the socket connection with the server side. The client side and server side Winsock/SSL_libraries negotiate security. Once a security scheme has been agreed upon, the client side Winsock/SSL_library returns a message to the calling client application indicating that a socket is ready. The client then can proceed to communicate with the server application through the Winsock/SSL_library using the secure socket connection.
SSL Library's Sockets API

Briefly summarized, in a present embodiment, the application program interface provided by the SSL library includes the following calls: SSL_open, SSL_write, SSL_read and SSL_close.

SSL_open

When an application calls SSL_open, the SSL library makes a request to the operating system transport layer service to open a socket connection. The handshake protocol takes place between the client side and server side SSL libraries. The handshake results in an encryption scheme agreed upon by the client and server side SSL libraries. Once the handshake has been successfully completed, the SSL library returns a message to the calling application indicating that a socket connection has been opened.

SSL_write

When an application calls SSL_write, the SSL library encrypts the information presented to it by the application using the agreed upon encryption scheme. The SSL library then calls the operating system transport layer service and requests a write of the encrypted message to a server designated by the calling application using the socket connection created during SSL_open.

SSL_read

When a host (client or server) that monitors a port designated for SSL library communications receives a message, the application calls SSL_read which invokes the SSL library which then decrypts the message, and passes the decrypted message to the application.

SSL_close

When a transfer of information through a socket connection created by an SSL_open call is finished or an error condition occurs, SSL_close is called by either the client or the server. The SSL library that receives SSL_close sends a message instructing the operating system transport layer service to close the socket connection. Note that whenever an error is detected during information transfer, either during handshake protocol or actual data transfer, SSL_close is called by the host (client or server) that discovers the error. This is a security precaution.

Thus, the SSL library decrypts information before sending it to an application program, and encrypts information after receiving it from an application program. Conversely, the SSL library encrypts information before sending it to a transport layer socket connection, and decrypts information after receiving it from a transport layer socket connection. In other words, the SSL library only sends and receives clear (unencrypted) information to and from application programs, and the SSL library only sends and receives encrypted information to and from a socket connection. In essence, the apparatus and method of the present invention redirects client-server information transfers between application layer and transport layer so that the information passes through an encryption/decryption mechanism implemented as client side and server side SSL libraries. The operation of the security mechanisms and processes of the present invention will become more apparent from the following explanation of the flow diagram of FIG. 12.

F. An Example of the SSL Library in Action

FIG. 12A-C illustrates the operation of the application layer and transport layer programs and protocols of FIGS. 9 and 8 during client-server communications in accordance with a present embodiment of the invention. For the purpose of explaining the FIG. 12A-C flow diagram, it is assumed that the client application is a network browser and that the server application is an HTTP server. However, it should be appreciated that the invention can be employed with other types of client and server applications. Furthermore, the invention can be practiced with a host that employs an application layer DLL, such as Winsock, which provides a socket application program interface to host applications.

In FIG. 12A-C a user of a client browser application program, for example, may wish to access additional information (text, graphics, or sound, etc.) that relates to certain text or an image or an icon displayed on a client computer screen. Referring to FIG. 3, for instance, the client computer screen at first might display the illustrated text describing the World Wide Web. Embedded in the text is the word, "Internet", which is highlighted through underlining and bolding. The highlighting indicates to the user that the word, "Internet", corresponds to a hyperlink that can be used to access a related electronic document that provides more information about the Internet. When the user "clicks" on (or selects) the word "Internet", the client application retrieves from the electronic document a URL such as, HTTP:\\HOME.NETSCAPE.COM\FILENAME.HTML, for example, with a header that identifies a server that has the additional information about the "Internet" sought by the user. In practice, for example, the electronic document may contain an HTML hyperlink tag that is used to set up a client-server relationship in which the sought after "Internet" information stored by a server will be provided to the client application in response to the user's "clicking" on the word "Internet" in the electronic document.

Although this example is cast in terms of a document having an HTML format, the invention may be practiced with documents or files using different formats. That is, a prefix (like HTTPS), marker or name can be added to the URL, or other network address indicator, of almost any file or document to indicate that it is to be made "secure" in accordance with the invention. For example, JPEG, GIF, MPEG, Postscript or voice files, or almost any hypermedia document can be made secure using the apparatus and methods of the invention.

Note that even the act of opening an electronic document may involve creating multiple socket connections in order to gather information to be displayed as part of the document. For example, document text may be retrieved from one server, and each graphics image in the document may be retrieved from another server. The information in the document may be highly confidential. Hence, each of the connections used to open the document in the first place can be protected through encryption in accordance with the present invention. Moreover, once the document is displayed, it may contain hyperlinks to yet other information (text, graphics, sound, etc.). It is just such a hyperlink that is the subject of the example illustrated in FIG. 12A-C.

Referring again to FIG. 12A-C, the client application calls SSL_open to request a socket connection with the server identified in the URL associated with the highlighted selected word "Internet". In this example, the HTTPS header in the URL indicates that the server is a secure HTTP server. The "S" suffix in the header syntax indicates that the connection is to be a secure connection, and that the application should invoke the SSL library. The absence of an "S" from the header syntax, that is a normal HTTP header, would indicate that the connection need not be secure, and that the SSL library need not be invoked. Thus, the HTTPS header indicates to the application that the SSL library is to be called to provide a secure HTTP transfer. Note that the protocol known as HTTP itself is not altered or modified. Rather, information transferred between client and server applications is encrypted/decrypted in transit using the client side and server side SSL libraries. In effect, the SSL libraries
provide an additional security layer between application and transport layers.

It will be appreciated that a URL prefix or suffix or similar identifier can be employed to indicate to an application program that the SSL library should be invoked in connection with other types of client-server transfers as well. For example, an FTP transfer can be made secure by inserting a marker such as "FTPS" in a URL to indicate that the application should call the SSL library to accomplish the transfer. The client side and server side SSL libraries handle security while the FTP application remains unchanged. The same can be done with NNTP or Telnet transfers, for example. In each case, the client and server SSL libraries set up a secure socket connection through which all information is passed in encrypted form.

In response to SSL_open, the client SSL library calls the appropriate client operating system service requesting a socket connection with the HTTP server identified in the URL. It will be appreciated that different client computers may employ different operating systems, such as UNIX or Windows for instance.

The client and the server establish a socket connection between them. At this point in the SSL_open process, the socket connection is not yet a secure one. Rather, it is a typical connection of the general type that the client operating system would set up in response to an application request to open a socket connection. More specifically, the client operating system transport layer service, over a network architecture of the general type disclosed in FIG. 8, communicates with the corresponding operating system transport layer service of the designated HTTP server to establish a client endpoint and a server endpoint for a transport layer socket connection. The client and server endpoints are identified by an IP address and a port number. The TCP header contains a port number which identifies the source and destination of a message. The lower level protocols carry the IP address. A host (client or server) can determine whether or not a message is encrypted based upon the port numbers in the TCP header.

Once the client and server operating systems have established the socket connection described above, the client operating system returns a message to the SSL library indicating successful connection. The client side SSL library and the server side SSL library then engage in a handshake protocol in accordance with the invention using the socket connection that has been established by the client and server operating system services. During the handshake procedure, for example, encryption/decryption precautions are negotiated, the server is authenticated and the integrity of the socket security is checked. A detailed explanation of the handshake protocol is provided elsewhere in this specification. Once the handshake procedure has been successfully completed, the client SSL library returns to the client application a message indicating the HTTP server endpoint of the socket connection. Meanwhile, the server side SSL library listens on the endpoint port.

Next, continuing with the above example, the client application sends an SSL_write to the client side SSL library with a message addressed to the designated server endpoint requesting the information relating to the selected word "Internet" that appeared in the electronic document. In response to the SSL_write, the client side SSL library encrypts the client application message using an encryption/decryption scheme agreed upon for the connection during the handshake negotiation process. The client side SSL then calls the client operating system transport layer service with a request to send the encrypted message addressed to the server endpoint using the socket connection created during the SSL_open. The client operating system sends the encrypted client application request to the server. The transfer of information through the socket connection is secure since it was encrypted before being passed to the socket using the agreed upon encryption procedures.

Upon receipt of the encrypted client application message addressed to the designated server port number, the server calls SSL_read, which invokes the SSL library decryption routines which then decrypt the received message using the agreed upon decryption scheme. Basically, the server knows that any message sent to the designated server port number is a message that requires decryption. Whenever a message arrives on a server port number designated during the SSL_open process, the server calls SSL_read to decrypt the received message. Once decrypted, the message is passed over to the server application. The HTTP server retrieves the information requested by the client application message.

As explained above, there is a session_identification for each client-server socket connection which indicates the master key, cipher and hash for the session. This session_identification information is used as context for the present secure socket connection, and as explained above, can be re-used in later connections.

When the server has retrieved the requested information, it then calls the server SSL library with an SSL_write requesting delivery of the requested information to the client side endpoint. The server side SSL library encrypts the information, and then calls the server operating system transport layer service and requests a write of the encrypted message to the client endpoint. The server operating system transport layer service handles the request and delivers the message to the client application endpoint.

Upon receipt of the encrypted server message addressed to the designated client port number, the client application calls SSL_read to invoke the SSL library decryption routines which then decrypt the received message using the agreed upon decryption scheme. The client side SSL library then delivers the decrypted HTTP server message to the client application.

Finally, the client application displays on the client display the information corresponding to the selected word, "Internet", which was retrieved from the HTTPS server. The server calls SSL_close to close the socket connection when it has finished returning the requested information.

G. Record Protocol Specification

In this section, additional details are provided concerning SSL record formats, handshake protocols and security techniques employed by a presently preferred embodiment of the invention.

SSL Record Header Format

In SSL, all data sent is encapsulated in a record, an object which is composed of a header and some non-zero amount of data. Each record header contains a two or three byte length code. If the most significant bit is set in the first byte of the record length code then the record has no padding and the total header length will be 2 bytes, otherwise the record has padding and the total header length will be 3 bytes. The record header is transmitted before the data portion of the record.

Note that in the long header case (3 bytes total), the second most significant bit in the first byte has special
meaning. When zero, the record being sent is a data record. When one, the record being sent is a security escape (there are currently no examples of security escapes; this is reserved for future versions of the protocol). In either case, the length code describes how much data is in the record.

The record length code does not include the number of bytes consumed by the record header (2 or 3). For the 2 byte header, the record length is computed by (using a "C"-like notation):

RECORD-LENGTH = ((byte[0] & 0x7f) << 8) | byte[1];

Where byte[0] represents the first byte received and byte[1] the second byte received. When the 3 byte header is used, the record length is computed as follows (using a "C"-like notation):

RECORD-LENGTH = ((byte[0] & 0x3f) << 8) | byte[1];
IS-ESCAPE = (byte[0] & 0x40) != 0;
PADDING = byte[2];

The record header defines a value called PADDING. The PADDING value specifies how many bytes of data were appended to the original record by the sender. The padding data is used to make the record length be a multiple of the block cipher's block size when a block cipher is used for encryption. The sender of a "padded" record appends the padding data to the end of its normal data and then encrypts the total amount (which is now a multiple of the block cipher's block size). The actual value of the padding data is unimportant, but the encrypted form of it must be transmitted for the receiver to properly decrypt the record. Once the total amount being transmitted is known the header can be properly constructed with the PADDING value set appropriately.

The receiver of a padded record decrypts the entire record data (sans record length and the optional padding) to get the clear data, then subtracts the PADDING value from the RECORD-LENGTH to determine the final RECORD-LENGTH. The clear form of the padding data must be discarded.

SSL Record Data Format

The data portion of an SSL record is composed of three components (transmitted and received in the order shown):

MAC-DATA[MAC-SIZE]
ACTUAL-DATA[N]
PADDING-DATA[PADDING]

ACTUAL-DATA is the actual data being transmitted (the message payload). PADDING-DATA is the padding data sent when a block cipher is used and padding is needed. Finally, MAC-DATA is the "Message Authentication Code".

The SEQUENCE-NUMBER is a 32 bit value which is presented to the hash function as four bytes, with the first byte being the most significant byte of the sequence number, the second byte being the next most significant byte of the sequence number, the third byte being the next most significant byte, and the fourth byte being the least significant byte (that is, in network byte order or "big endian" order).

MAC-SIZE is a function of the digest algorithm being used. For MD2 and MD5 the MAC-SIZE will be 16 bytes.

The SECRET value is a function of which party is sending the message and what kind of key exchange algorithm/cipher was chosen.

For the non-token key exchange algorithms (e.g. RSA, DH):

If the client is sending the message then the SECRET is the CLIENT-WRITE-KEY (the server will use the SERVER-READ-KEY to verify the MAC). If the client is receiving the message then the SECRET is the CLIENT-READ-KEY (the server will use the SERVER-WRITE-KEY to generate the MAC).

For the token key exchange algorithms (e.g. RSA-TOKEN, DH-TOKEN, FORTEZZA-TOKEN):

The SECRET value is the RANDOM-NUMBER from the CLIENT-SESSION-KEY message. The value is used identically by the client and the server for both sending and receiving.

The SEQUENCE-NUMBER is a counter which is incremented by both the sender and the receiver. For each transmission direction, a pair of counters is kept (one by the sender, one by the receiver). Every time a message is sent by a sender the counter is incremented. Sequence numbers are 32 bit unsigned quantities and must wrap to zero after incrementing past 0xFFFFFFFF.

The receiver of a message uses the expected value of the sequence number as input into the MAC HASH function (the HASH function is chosen from the CIPHER-CHOICE). The computed MAC-DATA must agree bit for bit with the transmitted MAC-DATA. If the comparison is not identity then the record is considered damaged, and it is to be treated as if an "I/O Error" had occurred (i.e. an unrecoverable error is asserted and the connection is closed).

A final consistency check is done when a block cipher is used and the protocol is using encryption. The amount of data present in a record (RECORD-LENGTH) must be a multiple of the cipher's block size. If the received record is not a multiple of the cipher's block size then the record is considered damaged, and it is to be treated as if an "I/O Error" had occurred (i.e. an unrecoverable error is asserted and the connection is closed).

The SSL Record Layer is used for all SSL communications, including handshake messages, security escapes and application data transfers. The SSL Record

When SSL records are sent in the clear, no cipher is used. Layer is used by both the dient and the server at all times. 
Consequently the amount of PADDING-DAEA will be zero 55 For a two byte header, the maximmn record length is 
and the amount of MACDATA will be zero. When enoyp- 32767 bytes. For the three byte header the maximum record 
tion is in effect* the PADDING-DATA will be a function of length is 16383 bytes. The SSL Handshake Protocol mes- 
the cipher block size. The MAC-DATA is a function of the sages are constrained to fit in a single SSL Record Protocol 
CIPHER-CHOICE (more about that later). record. Application protocol messages are allowed to con- 

The MAC-DATA is computed as follows: 60 sume multiple SSL Record Protocol record's. 

Before the first record is sent using SSL all sequence 
MAC-DATA: =HASH[SECRET, ACTUAL-DATA, numbers are initialized to zero. The transmit sequence 

PADDING-DATA, SEQUENCE-NUMBER] number is incremented after every message sent, starting 

with the CUENT-HELLO and SERVER-HELLO messages. 

Where the SECRET data is fed to the hash function first, 65 Out of Band Data, 
followed by the ACTUAL-DATA, which is followed by the SSL Version 3 supp>orts the transmission and reception of 
PADDING-DATA which is finally followed by the "out of band data". Out of band data is normally defined at 
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the TCP/IP protocol level, but because of SSL's privacy 
enhancements and support for block ciphers, this becomes 
diflScult to support 
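The header decoding, MAC computation and receiver-side checks just described, as an added Python example (not code from the patent). It assumes that a set high bit in byte[0] selects the 2 byte header form (a record header rule not restated in this excerpt), that HASH is MD5 with the 16 byte MAC-SIZE given above, and that the SEQUENCE-NUMBER enters the hash as 4 big-endian bytes, which the text does not fix. Cipher application is left out, so the record bodies here are in their decrypted form; the key and payload are constructed sample values.

```python
import hashlib
import hmac
import struct

MAC_SIZE = 16        # MD5 digest length; MAC-DATA is absent for records in the clear
MAX_2BYTE = 32767    # maximum RECORD-LENGTH with a 2 byte header
MAX_3BYTE = 16383    # maximum RECORD-LENGTH with a 3 byte header


def parse_record_header(data):
    """Return (RECORD-LENGTH, IS-ESCAPE, PADDING, header_length).

    Assumption (not stated in this excerpt): a set high bit in byte[0]
    selects the 2 byte header, which carries no padding and no escape flag.
    """
    if len(data) < 2:
        raise ValueError("short header")
    if data[0] & 0x80:
        return ((data[0] & 0x7F) << 8) | data[1], False, 0, 2
    if len(data) < 3:
        raise ValueError("short 3 byte header")
    record_length = ((data[0] & 0x3F) << 8) | data[1]
    is_escape = (data[0] & 0x40) != 0
    return record_length, is_escape, data[2], 3


def build_record_header(record_length, padding=0, is_escape=False):
    """Inverse of parse_record_header, enforcing the two length limits."""
    if not 0 <= padding <= 255:
        raise ValueError("PADDING is a single byte")
    if padding == 0 and not is_escape:
        if record_length > MAX_2BYTE:
            raise ValueError("too long for a 2 byte header")
        return bytes([0x80 | (record_length >> 8), record_length & 0xFF])
    if record_length > MAX_3BYTE:
        raise ValueError("too long for a 3 byte header")
    first = (record_length >> 8) | (0x40 if is_escape else 0)
    return bytes([first, record_length & 0xFF, padding])


def next_sequence(seq):
    """32 bit unsigned counter that wraps to zero after 0xFFFFFFFF."""
    return (seq + 1) & 0xFFFFFFFF


def compute_mac(secret, actual, padding_data, seq):
    """MAC-DATA := HASH[SECRET, ACTUAL-DATA, PADDING-DATA, SEQUENCE-NUMBER].

    Assumption: the sequence number is hashed as 4 big-endian bytes.
    """
    h = hashlib.md5()
    for part in (secret, actual, padding_data, struct.pack(">I", seq)):
        h.update(part)
    return h.digest()


def seal_record(secret, actual, seq, block_size=0):
    """Sender side: header + MAC-DATA + ACTUAL-DATA + PADDING-DATA.

    secret=None means the record is sent in the clear (no MAC, no padding).
    The body is returned in its pre-encryption form.
    """
    if secret is None:
        return build_record_header(len(actual)) + actual
    padding = (-(MAC_SIZE + len(actual))) % block_size if block_size else 0
    padding_data = b"\x00" * padding        # the padding value is unimportant
    body = compute_mac(secret, actual, padding_data, seq) + actual + padding_data
    return build_record_header(len(body), padding) + body


def open_record(record, secret, expected_seq, block_size=0):
    """Receiver side: apply the checks from the text and return ACTUAL-DATA.

    Any failure is the "I/O Error" case (ConnectionError); the caller must
    then close the connection.  IS-ESCAPE handling is outside this example.
    """
    record_length, _is_escape, padding, hlen = parse_record_header(record)
    body = record[hlen:]
    if len(body) != record_length:
        raise ConnectionError("record length mismatch")
    if secret is None:
        if padding:
            raise ConnectionError("padding present in a clear record")
        return body
    if block_size and record_length % block_size:
        raise ConnectionError("record length not a multiple of the block size")
    if record_length < MAC_SIZE + padding:
        raise ConnectionError("record too short for MAC-DATA and PADDING-DATA")
    mac = body[:MAC_SIZE]
    actual = body[MAC_SIZE:record_length - padding]
    padding_data = body[record_length - padding:]
    expected = compute_mac(secret, actual, padding_data, expected_seq)
    if not hmac.compare_digest(mac, expected):
        raise ConnectionError("MAC-DATA mismatch: record damaged")
    return actual


def is_damaged(record, secret, expected_seq, block_size=0):
    """True when open_record would treat the record as an I/O error."""
    try:
        open_record(record, secret, expected_seq, block_size)
    except ConnectionError:
        return True
    return False


if __name__ == "__main__":
    key = bytes(range(16))                       # constructed CLIENT-WRITE-KEY
    rec = seal_record(key, b"hello, record layer", seq=0, block_size=8)
    print(parse_record_header(rec))              # (40, False, 5, 3)
    print(open_record(rec, key, expected_seq=0, block_size=8))
```

Flipping one bit anywhere in the body, or presenting the record with the wrong expected sequence number, makes open_record raise, which is the point of feeding the receiver's own counter (not a transmitted one) into the MAC.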

To send out-of-band data, the sender sends an escape record whose body contains a single byte of data indicating the escape type code:

char escape-type-code

The escape-type-code value should be SSL_ET_OOB_DATA. The record following the escape record will be interpreted as "out-of-band" data and will only be made available to the receiver through an unspecified mechanism that is different than the receiver's normal data reception method. The transmitted data record and the escape record are transmitted normally (i.e. encryption, MAC computations, and block cipher padding remain in effect).

Note that the escape record and the following record are sent using normal TCP sending mechanisms, not using the "out of band" mechanisms.

H. Handshake Protocol 

In this section, additional details are provided concerning 
the SSL handshake protocol and security techniques 
employed by a presently preferred embodiment of the inven- 
tion. 

Protocol Flow 

The handshake protocol includes several phases. In a present embodiment of the invention, the first phase is the "hello" phase which is used to define the capabilities of the client and server and to agree upon a set of algorithms to use for privacy and authentication. The first phase also allows for the discovery of a "session-identification", and if present, to skip some of the successive phases. The following messages are exchanged in the hello phase:

CLIENT-HELLO
SERVER-HELLO

The second phase is the key exchange phase during which key material is exchanged between the client and server. The key exchange results in the client and server sharing a master key. The following are exchanged in the key exchange phase:

CLIENT-MASTER-KEY
CLIENT-DH-KEY

The third phase is the session key production phase in which the actual session keys that will be used during the current communication session are produced. The following are exchanged in the session key production phase:

CLIENT-SESSION-KEY

The fourth phase is the server-verify phase which, in the current embodiment, is used only when the RSA key exchange algorithm is used. This phase verifies the server's discovery of the master key and subsequent generation of the session keys. The following messages are exchanged in the server verify phase:

SERVER-VERIFY

The fifth phase involves client authentication. This phase is used only for key exchange algorithms that do not authenticate the client. Currently, only the RSA key exchange algorithm fails to authenticate the client. The following messages are exchanged in the client authentication phase:

REQUEST-CERTIFICATE
CLIENT-CERTIFICATE

The sixth phase is the final phase during which both sides of the conversation exchange "finish" messages. The following messages are exchanged in the finished phase:

CLIENT-FINISHED
SERVER-FINISHED
Errors

Error handling in the SSL Handshake protocol is very simple. When an error is detected, the detecting party sends a message to the other party. Errors that are not recoverable cause the client and server to abort the secure connection. Servers and clients are required to "forget" any session identifiers associated with a failing connection.

The SSL Handshake Protocol defines the following errors:

NO-CIPHER-ERROR

The above error is returned by the client to the server when it cannot find a cipher or key size that it supports that is also supported by the server. This error is not recoverable.

NO-CERTIFICATE-ERROR

When a REQUEST-CERTIFICATE message is sent, the above error may be returned if the client has no certificate to reply with. This error is recoverable (for client authentication only).

BAD-CERTIFICATE-ERROR

The above error is returned when a certificate is deemed bad by the receiving party. Bad means that either the signature of the certificate was bad or that the values in the certificate were inappropriate (e.g. a name in the certificate did not match the expected name). This error is recoverable (for client authentication only).

UNSUPPORTED-CERTIFICATE-TYPE-ERROR

The above error is returned when a client/server receives a certificate type that it can't support. This error is recoverable (for client authentication only).
Handshake Protocol Messages

Handshake protocol messages are encapsulated using the "SSL Record Protocol". The messages are composed of two parts: a single byte message code and some data. The client and server exchange messages until both sides have sent their "finished" message, indicating that they are satisfied with the handshake protocol conversation. While one end of the conversation may have finished, the other end may not. Therefore, the finished end must continue to receive protocol handshake messages until it receives a "finished" message from its peer.

After the pair of session keys has been determined by each party, the message bodies are encrypted. For the client, this happens after it verifies the session-identifier or creates a new master key and has sent it to the server. For the server, this happens after the session-identifier is found to be good, or the server receives the client's master key message.

The following notation is used in the preferred embodiment for SSLHP messages:

char MSG-EXAMPLE
char FIELD1
char FIELD2
char THING-MSB
char THING-LSB
char THING-DATA[(MSB<<8)|LSB];

This notation defines the data in the protocol message, including the message type code. The order is presented top to bottom, with the top most element being transmitted first, and the bottom most element transferred last.

For the "THING-DATA" entry, the MSB and LSB values are actually THING-MSB and THING-LSB (respectively) and define the number of bytes of data actually present in the message. For example, if THING-MSB were zero and THING-LSB were 8 then the THING-DATA array would be exactly 8 bytes long. This shorthand is used below.

Length codes are unsigned values, and when the MSB and LSB are combined the result is an unsigned value. Unless otherwise specified length values are "length in bytes".
ERROR Message

The ERROR message may be sent clear or encrypted. The error message may be sent in a number of the Handshake Protocol phases. Its format is:

char MSG-ERROR
char ERROR-CODE-MSB
char ERROR-CODE-LSB

This message is sent when an error is detected. If the message is sent after session keys have been negotiated then the message is sent encrypted, otherwise it is sent in the clear. Also, if the error is unrecoverable then the sender shuts down its connection after sending the error. In a similar fashion the receiver will close its connection upon receipt of an unrecoverable error.
"Hello" Phase Messages:

The "Hello" phase messages are used by the client and server to inform each other of their security and encryption capabilities. The security and encryption information is contained in the CIPHER-SPECS data passed initially from the client to the server. This data defines the kinds of security and encryption algorithms that the client can support. The data is made available to the server in the CLIENT-HELLO message. The CIPHER-SPECS contain the key exchange algorithms and the certificate types supported by the client. The server is required to examine the CIPHER-SPECS sent by the client and remove any that it does not support and any that it chooses not to support. In addition, for SSL version 3, the server is required to choose a single key exchange algorithm from the choices provided by the client.

The encryption and security capabilities that are resolved by the "Hello" phase messages are:

The key exchange algorithm and certificates for each endpoint (the client's certificate is optional).

The symmetric cipher algorithm, the session key(s) for it and any key argument data.

The hash function used for MAC computations, handshake hash computation and session key production.
Client-Hello

The client-hello message is sent in the clear. The form of the client-hello message is as follows:

char MSG-CLIENT-HELLO
char CLIENT-VERSION-MSB
char CLIENT-VERSION-LSB
char CIPHER-SPECS-LENGTH-MSB
char CIPHER-SPECS-LENGTH-LSB
char SESSION-ID-LENGTH-MSB
char SESSION-ID-LENGTH-LSB
char CHALLENGE-LENGTH-MSB
char CHALLENGE-LENGTH-LSB
char CIPHER-SPECS-DATA[(MSB<<8)|LSB]
char SESSION-ID-DATA[(MSB<<8)|LSB]
char CHALLENGE-DATA[(MSB<<8)|LSB]

When a client first connects to a server it is required to send the CLIENT-HELLO message. The server is expecting this message from the client as its first message. It is an error for a client to send anything else as its first message.

The client sends to the server its SSL version (currently there are several versions of the novel SSL), its cipher specs (see below), some challenge data, and the session-identifier data. The session-identifier data is only sent if the client found a session-identifier in its cache for the server, and the SESSION-ID-LENGTH will be non-zero. When there is no session-identifier for the server SESSION-ID-LENGTH must be zero. The challenge data is used to authenticate the server. After the client and server agree on a pair of session keys, the server returns a SERVER-VERIFY message with the encrypted form of the CHALLENGE-DATA.

Also note that the server will not send its SERVER-HELLO message until it has received the CLIENT-HELLO message. This is done so that the server can indicate the status of the client's session-identifier back to the client in the server's first message (i.e. to increase protocol efficiency and reduce the number of round trips required).

The server examines the CLIENT-HELLO message and will verify that it can support the client version and one of the client cipher specs. The server can optionally edit the cipher specs, removing any entries it doesn't choose to support. The edited version will be returned in the SERVER-HELLO message if the session-identifier is not in the server's cache.

The CIPHER-SPECS-LENGTH must be greater than zero and a multiple of 3. The SESSION-ID-LENGTH must either be zero or 16. The CHALLENGE-LENGTH must be greater than or equal to 16 and less than or equal to 32.

This message must be the first message sent by the client to the server. After the message is sent the client waits for a SERVER-HELLO message. Any other message returned by the server (other than ERROR) is disallowed.
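The CLIENT-HELLO layout and the three length rules above, together with the server's culling of the cipher specs, as an added Python example (not code from the patent). The message-code value MSG_CLIENT_HELLO and the 3 byte CIPHER-KIND values are constructed for the example, since the page gives names but no numeric encodings; the version, session-identifier and challenge bytes are sample values.

```python
import struct

# Assumed message-code value for MSG-CLIENT-HELLO (the page gives no number).
MSG_CLIENT_HELLO = 0x01

# Constructed 3 byte CIPHER-KIND values; the page lists the kinds by name only.
CK_RC4_128_WITH_MD5 = b"\x01\x00\x80"
CK_RC4_128_EXPORT40_WITH_MD5 = b"\x02\x00\x80"
CK_IDEA_128_CBC_WITH_MD5 = b"\x05\x00\x80"
CK_DES_64_CBC_WITH_MD5 = b"\x06\x00\x40"

# Message code, CLIENT-VERSION, and the three length fields, MSB before LSB.
HEADER = struct.Struct(">BHHHH")


def encode_client_hello(version, cipher_specs, session_id, challenge):
    """Client side: header, then CIPHER-SPECS-DATA, SESSION-ID-DATA and
    CHALLENGE-DATA in the order the message format lists them."""
    specs = b"".join(cipher_specs)
    head = HEADER.pack(MSG_CLIENT_HELLO, version, len(specs),
                       len(session_id), len(challenge))
    return head + specs + session_id + challenge


def parse_client_hello(msg):
    """Server side: decode the hello and apply the length rules from the
    text.  Raises ValueError on a malformed hello (answered with ERROR)."""
    if len(msg) < HEADER.size:
        raise ValueError("truncated CLIENT-HELLO")
    code, version, specs_len, sid_len, chal_len = HEADER.unpack_from(msg)
    if code != MSG_CLIENT_HELLO:
        raise ValueError("the client's first message must be CLIENT-HELLO")
    if specs_len == 0 or specs_len % 3:
        raise ValueError("CIPHER-SPECS-LENGTH must be > 0 and a multiple of 3")
    if sid_len not in (0, 16):
        raise ValueError("SESSION-ID-LENGTH must be 0 or 16")
    if not 16 <= chal_len <= 32:
        raise ValueError("CHALLENGE-LENGTH must be between 16 and 32")
    if len(msg) != HEADER.size + specs_len + sid_len + chal_len:
        raise ValueError("length fields do not match the message size")
    body = msg[HEADER.size:]
    specs = [body[i:i + 3] for i in range(0, specs_len, 3)]
    session_id = body[specs_len:specs_len + sid_len]
    challenge = body[specs_len + sid_len:]
    return {"version": version, "cipher_specs": specs,
            "session_id": session_id, "challenge": challenge}


def cull_cipher_specs(client_specs, server_supported):
    """Drop the specs the server does not (or chooses not to) support,
    keeping the client's order; the result is returned in SERVER-HELLO.
    An empty result is the NO-CIPHER-ERROR situation."""
    return [spec for spec in client_specs if spec in server_supported]


def client_hello_is_malformed(msg):
    """True when parse_client_hello rejects the message."""
    try:
        parse_client_hello(msg)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    hello = encode_client_hello(3, [CK_RC4_128_WITH_MD5, CK_DES_64_CBC_WITH_MD5],
                                b"", bytes(range(16)))      # constructed challenge
    fields = parse_client_hello(hello)
    print(cull_cipher_specs(fields["cipher_specs"], {CK_DES_64_CBC_WITH_MD5}))
```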
Server-Hello

The SERVER-HELLO message is sent in the clear. The format of the SERVER-HELLO message is as follows:

char MSG-SERVER-HELLO
char SESSION-ID-HIT
char CERTIFICATE-TYPE
char SERVER-VERSION-MSB
char SERVER-VERSION-LSB
char CERTIFICATE-LENGTH-MSB
char CERTIFICATE-LENGTH-LSB
char CIPHER-SPECS-LENGTH-MSB
char CIPHER-SPECS-LENGTH-LSB
char CONNECTION-ID-LENGTH-MSB
char CONNECTION-ID-LENGTH-LSB
char CERTIFICATE-DATA[(MSB<<8)|LSB]
char CIPHER-SPECS-DATA[(MSB<<8)|LSB]
char CONNECTION-ID-DATA[(MSB<<8)|LSB]

The server sends this message after receiving the client's CLIENT-HELLO message. The server returns the SESSION-ID-HIT flag indicating whether or not the received session-identifier is known by the server (i.e. in the server's session-identifier cache). The SESSION-ID-HIT flag will be non-zero if the client sent the server a session-identifier (in the CLIENT-HELLO message with SESSION-ID-LENGTH != 0) and the server found the client's session-identifier in its cache. If the SESSION-ID-HIT flag is non-zero then the CERTIFICATE-TYPE, CERTIFICATE-LENGTH and CIPHER-SPECS-LENGTH fields will be zero.
The CERTIFICATE-TYPE value, when non-zero, has one of the values described above (see the information on the CLIENT-CERTIFICATE message).

When the SESSION-ID-HIT flag is zero, the server packages up its certificate, its cipher specs and a connection-id to send to the client. Using this information the client can generate a session key and return it to the server with the CLIENT-MASTER-KEY message.

When the SESSION-ID-HIT flag is non-zero, both the server and the client compute a new pair of session keys for the current session derived from the MASTER-KEY that was exchanged when the SESSION-ID was created. The SERVER-READ-KEY and SERVER-WRITE-KEY are derived from the original MASTER-KEY keys in the same manner as the CLIENT-READ-KEY and CLIENT-WRITE-KEY:

SERVER-READ-KEY := CLIENT-WRITE-KEY
SERVER-WRITE-KEY := CLIENT-READ-KEY

Note that when keys are being derived and the SESSION-ID-HIT flag is set and the server discovers the client's session-identifier in the server's cache, then the KEY-ARG-DATA is used from the time when the SESSION-ID was established. This is because the client does not send new KEY-ARG-DATA (recall that the KEY-ARG-DATA is sent only in the CLIENT-MASTER-KEY message).

The CONNECTION-ID-DATA is a string of randomly generated bytes used by the server and client at various points in the protocol. The CLIENT-FINISHED message contains an encrypted version of the CONNECTION-ID-DATA. The length of the CONNECTION-ID must be between 16 and 32 bytes, inclusive.

The CIPHER-SPECS-DATA define the kind of algorithms supported by the sender. Each SESSION-CIPHER-SPEC is 3 bytes long and looks like this:

char CIPHER-KIND-0
char CIPHER-KIND-1
char CIPHER-KIND-2

Where CIPHER-KIND is one of (for SSL version 2 and version 3):

SSL_CK_RC4_128_WITH_MD5
SSL_CK_RC4_128_EXPORT40_WITH_MD5
SSL_CK_RC2_128_CBC_WITH_MD5
SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5
SSL_CK_IDEA_128_CBC_WITH_MD5
SSL_CK_DES_64_CBC_WITH_MD5
SSL_CK_DES_192_EDE3_CBC_WITH_MD5

The following CIPHER-KINDs are added for SSL version 3:

SSL_CK_NULL_WITH_MD5
SSL_CK_DES_64_CBC_WITH_SHA
SSL_CK_DES_192_EDE3_CBC_WITH_SHA
SSL_KEA_RSA
SSL_KEA_RSA_TOKEN_WITH_DES
SSL_KEA_RSA_TOKEN_WITH_DES_EDE3
SSL_KEA_RSA_TOKEN_WITH_RC4
SSL_KEA_DH
SSL_KEA_DH_TOKEN_WITH_DES
SSL_KEA_DH_TOKEN_WITH_DES_EDE3
SSL_KEA_DH_ANONYMOUS
SSL_KEA_DH_TOKEN_ANONYMOUS_WITH_DES
SSL_KEA_DH_TOKEN_ANONYMOUS_WITH_DES_EDE3
SSL_KEA_FORTEZZA
SSL_KEA_FORTEZZA_ANONYMOUS
SSL_KEA_FORTEZZA_TOKEN
SSL_KEA_FORTEZZA_TOKEN_ANONYMOUS

Note that additional or different algorithms may be used without departing from the invention.

The server receives CIPHER-KIND-DATA from the client and culls out the ciphers the server does not want to support. In addition, for SSL version 3 the server must eliminate all but one of the key exchange algorithms.

The SSL_CK_RC4_128_EXPORT40_WITH_MD5 cipher is an RC4 cipher where some of the session key is sent in the clear and the rest is sent encrypted (exactly 40 bits of it). MD5 is used as the hash function for production of MACs and session keys. This cipher type is provided to support "export" versions (i.e. versions of the protocol that can be distributed outside of the United States) of the client or server.

An exportable implementation of the SSL Handshake Protocol will have secret key lengths restricted to 40 bits and only support either RC2, RC4 or both. For non-export implementations key lengths can be more generous (we recommend at least 128 bits). It is permissible for the client and server to have a non-intersecting set of stream ciphers. This, simply put, means they cannot communicate.

The SSL Handshake Protocol defines the SSL_CK_RC4_128_WITH_MD5 to have a key length of 128 bits. The SSL_CK_RC4_128_EXPORT40_WITH_MD5 also has a key length of 128 bits. However, only 40 of the bits are secret (the other 88 bits are sent in the clear by the client to the server).

The SERVER-HELLO message is sent after the server receives the CLIENT-HELLO message, and before the server sends the SERVER-VERIFY message.
Key Exchange Phase Messages

The "Key Exchange" phase is used to establish a MASTER-KEY that is a shared secret between the client and the server. The kind of message sent by the client is dependent on the key exchange algorithm chosen by the server. If an RSA key exchange algorithm is used then the CLIENT-MASTER-KEY message will be sent. The CLIENT-DH-KEY is used for Diffie-Hellman style key exchanges (e.g. DH and FORTEZZA).

In addition, session key production is a function of the kind of key exchange algorithm. "Token" key exchange algorithms use the CLIENT-SESSION-KEY message to define the session keys. Non-token key exchange algorithms use the key production facilities described below in the section describing session-key production.

Client-Master-Key

The client-master-key is sent primarily in the clear. The format of the client-master-key message is as follows:

char MSG-CLIENT-MASTER-KEY
char CIPHER-KIND[3]
char CLEAR-KEY-LENGTH-MSB
char CLEAR-KEY-LENGTH-LSB
char ENCRYPTED-KEY-LENGTH-MSB
char ENCRYPTED-KEY-LENGTH-LSB
char KEY-ARG-LENGTH-MSB
char KEY-ARG-LENGTH-LSB
char CLEAR-KEY-DATA[(MSB<<8)|LSB]
char ENCRYPTED-KEY-DATA[(MSB<<8)|LSB]
char KEY-ARG-DATA[(MSB<<8)|LSB]
The client sends this message when it has determined a master key for the server to use. Note that when a session-identifier has been agreed upon, the client-master-key message is not sent.

The CIPHER-KIND field indicates which cipher was chosen from the server's CIPHER-SPECS.

The CLEAR-KEY-DATA contains the clear portion of the MASTER-KEY. The CLEAR-KEY-DATA is combined with the SECRET-KEY-DATA (described shortly) to form the MASTER-KEY with the SECRET-KEY-DATA being the least significant bytes of the final MASTER-KEY. The ENCRYPTED-KEY-DATA contains the secret portions of the MASTER-KEY, encrypted using the server's public key. The encryption block is formatted using block type 2 from PKCS#1, as specified in RSA Encryption Standard, Version 1.5, Nov. 1993. The data portion of the block is formatted as follows:

char SECRET-KEY-DATA[SECRET-LENGTH]

SECRET-LENGTH is the number of bytes of each session key that is being transmitted encrypted. The SECRET-LENGTH plus the CLEAR-KEY-LENGTH equals the number of bytes present in the cipher key (as defined by the CIPHER-KIND). It is an error if the SECRET-LENGTH found after decrypting the PKCS#1 formatted encryption block does not match the expected value. It is also an error if CLEAR-KEY-LENGTH is non-zero and the CIPHER-KIND is not an export cipher.

If the key algorithm needs an argument (for example, DES-CBC's initialization vector) then the KEY-ARG-LENGTH fields will be non-zero and the KEY-ARG-DATA will contain the relevant data. For the

SSL_CK_RC2_128_CBC_WITH_MD5
SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5
SSL_CK_IDEA_128_CBC_WITH_MD5
SSL_CK_DES_64_CBC_WITH_MD5
SSL_CK_DES_192_EDE3_CBC_WITH_MD5
SSL_CK_DES_64_CBC_WITH_SHA
SSL_CK_DES_192_EDE3_CBC_WITH_SHA

algorithms the KEY-ARG data must be present and be exactly 8 bytes long.

The CLIENT-MASTER-KEY message must be sent after the CLIENT-HELLO message and before the CLIENT-FINISHED message. The CLIENT-MASTER-KEY message must be sent if the SERVER-HELLO message contains a SESSION-ID-HIT value of 0.
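The CLIENT-MASTER-KEY checks described above (the clear/secret split for export kinds, the SECRET-LENGTH + CLEAR-KEY-LENGTH rule, the 8 byte KEY-ARG for the CBC kinds) and the PKCS#1 block type 2 layout of the encrypted portion, as an added Python example (not code from the patent). The per-kind table is constructed for the example: the 16 byte RC4 key length and the 40 secret bits come from the text, while the 8 byte DES key length and the zero KEY-ARG length for RC4 are assumptions. RSA encryption of the formatted block under the server's public key is not shown; only the block formatting and the server-side validation are.

```python
import os

# Constructed per-kind table: (key length in bytes, export grade, KEY-ARG length).
# RC4 key length and the 40 secret bits follow the text; the DES key length
# and the zero KEY-ARG length for RC4 are assumptions of this example.
CIPHER_INFO = {
    "SSL_CK_RC4_128_WITH_MD5":          (16, False, 0),
    "SSL_CK_RC4_128_EXPORT40_WITH_MD5": (16, True, 0),
    "SSL_CK_DES_64_CBC_WITH_MD5":       (8, False, 8),
}
EXPORT_SECRET_BYTES = 5      # exactly 40 secret bits for export kinds


def split_master_key(kind, master_key):
    """Client side: (CLEAR-KEY-DATA, SECRET-KEY-DATA).  The secret part is
    the least significant (trailing) bytes of the MASTER-KEY; non-export
    kinds send the whole key encrypted."""
    key_len, export, _ = CIPHER_INFO[kind]
    if len(master_key) != key_len:
        raise ValueError("MASTER-KEY length does not match the CIPHER-KIND")
    secret_len = EXPORT_SECRET_BYTES if export else key_len
    return master_key[:key_len - secret_len], master_key[key_len - secret_len:]


def pkcs1_type2_pad(data, block_len):
    """PKCS#1 v1.5 block type 2: 00 || 02 || PS || 00 || data, where PS is
    at least 8 nonzero random bytes.  block_len is the RSA modulus size."""
    ps_len = block_len - 3 - len(data)
    if ps_len < 8:
        raise ValueError("data too long for the block")
    ps = bytearray()
    while len(ps) < ps_len:
        ps.extend(b for b in os.urandom(ps_len - len(ps)) if b != 0)
    return b"\x00\x02" + bytes(ps) + b"\x00" + data


def pkcs1_type2_unpad(block):
    """Server side after RSA decryption: recover the data portion and reject
    any block that does not have the type 2 shape."""
    if len(block) < 11 or block[0] != 0x00 or block[1] != 0x02:
        raise ValueError("bad block type")
    sep = block.find(b"\x00", 2)
    if sep < 10:                         # PS shorter than 8 bytes, or no separator
        raise ValueError("bad padding string")
    return block[sep + 1:]


def check_client_master_key(kind, clear_key, secret_key, key_arg):
    """Server-side checks from the text; returns the assembled MASTER-KEY."""
    key_len, export, key_arg_len = CIPHER_INFO[kind]
    if len(clear_key) + len(secret_key) != key_len:
        raise ValueError("SECRET-LENGTH + CLEAR-KEY-LENGTH != cipher key length")
    if clear_key and not export:
        raise ValueError("CLEAR-KEY-LENGTH non-zero for a non-export cipher")
    if export and len(secret_key) != EXPORT_SECRET_BYTES:
        raise ValueError("export cipher must carry exactly 40 secret bits")
    if len(key_arg) != key_arg_len:
        raise ValueError("KEY-ARG-LENGTH wrong for this cipher kind")
    return clear_key + secret_key        # secret bytes are least significant


def master_key_is_rejected(kind, clear_key, secret_key, key_arg):
    """True when the server would answer the message with an error."""
    try:
        check_client_master_key(kind, clear_key, secret_key, key_arg)
    except (ValueError, KeyError):
        return True
    return False


if __name__ == "__main__":
    master = bytes(range(16))                       # constructed MASTER-KEY
    clear, secret = split_master_key("SSL_CK_RC4_128_EXPORT40_WITH_MD5", master)
    block = pkcs1_type2_pad(secret, 64)            # 512 bit modulus assumed
    recovered = pkcs1_type2_unpad(block)
    print(check_client_master_key("SSL_CK_RC4_128_EXPORT40_WITH_MD5",
                                  clear, recovered, b"") == master)
```

The length rule matters on the server: accepting a SECRET-KEY-DATA of the wrong size, or a non-zero CLEAR-KEY-DATA for a non-export kind, would silently shrink the secret part of the MASTER-KEY.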

Session Key Production

Client and server session key production is a function of the CIPHER-CHOICE (Note that this step is skipped for "token" key exchange algorithms; the CLIENT-SESSION-KEY message is used instead):

SSL_CK_NULL_WITH_MD5
SSL_CK_RC4_128_WITH_MD5
SSL_CK_RC4_128_EXPORT40_WITH_MD5
SSL_CK_RC2_128_CBC_WITH_MD5
SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5
SSL_CK_IDEA_128_CBC_WITH_MD5

KEY-MATERIAL-0 := MD5[MASTER-KEY, "0", CHALLENGE, CONNECTION-ID]
KEY-MATERIAL-1 := MD5[MASTER-KEY, "1", CHALLENGE, CONNECTION-ID]
CLIENT-READ-KEY := KEY-MATERIAL-0[0-15]
CLIENT-WRITE-KEY := KEY-MATERIAL-1[0-15]

Where KEY-MATERIAL-0[0-15] means the first 16 bytes of the KEY-MATERIAL-0 data, with KEY-MATERIAL-0[0] becoming the most significant byte of the CLIENT-READ-KEY.

Data is fed to the MD5 hash function in the order shown, from left to right: first the MASTER-KEY, then the "0" or "1", then the CHALLENGE and then finally the CONNECTION-ID.

Note that the "0" means the ascii zero character (0x30), not a zero value. "1" means the ascii 1 character (0x31). MD5 produces 128 bits of output data which are used directly as the key to the cipher algorithm (the most significant byte of the MD5 output becomes the most significant byte of the key material).

Finally, note that although the NULL cipher produces session keys in the same way as the other ciphers listed, the session keys are not actually used for encryption. However, they are used for the SECRET value in the MAC computation.



SSL_CK_DES_64_CBC_WITH_MD5
SSL_CK_DES_64_CBC_WITH_SHA

KEY-MATERIAL-0 := HASH[MASTER-KEY, CHALLENGE, CONNECTION-ID]
CLIENT-READ-KEY := KEY-MATERIAL-0[0-7]
CLIENT-WRITE-KEY := KEY-MATERIAL-0[8-15]

For DES-CBC, a single 16 bytes of key material are produced using HASH. The first 8 bytes of the hash function results are used as the CLIENT-READ-KEY while the next 8 bytes are used as the CLIENT-WRITE-KEY. The initialization vector is provided in the KEY-ARG-DATA. Note that the raw key data is not parity adjusted and that this step must be performed before the keys are legitimate DES keys.



SSL_CK_DES_192_EDE3_CBC_WITH_MD5
SSL_CK_DES_192_EDE3_CBC_WITH_SHA

KEY-MATERIAL-0 := HASH[MASTER-KEY, "0", CHALLENGE, CONNECTION-ID]
KEY-MATERIAL-1 := HASH[MASTER-KEY, "1", CHALLENGE, CONNECTION-ID]
KEY-MATERIAL-2 := HASH[MASTER-KEY, "2", CHALLENGE, CONNECTION-ID]
CLIENT-READ-KEY-0 := KEY-MATERIAL-0[0-7]
CLIENT-READ-KEY-1 := KEY-MATERIAL-0[8-15]
CLIENT-READ-KEY-2 := KEY-MATERIAL-1[0-7]
CLIENT-WRITE-KEY-0 := KEY-MATERIAL-1[8-15]
CLIENT-WRITE-KEY-1 := KEY-MATERIAL-2[0-7]
CLIENT-WRITE-KEY-2 := KEY-MATERIAL-2[8-15]

Data is fed to the HASH function in the order shown, from left to right: first the MASTER-KEY, then the "0", "1" or "2", then the CHALLENGE and then finally the CONNECTION-ID. Note that the "0" means the ascii zero character (0x30), not a zero value. "1" means the ascii 1 character (0x31). "2" means the ascii 2 character (0x32).

A total of 6 keys are produced, 3 for the read side DES-EDE3 cipher and 3 for the write side DES-EDE3 function. The initialization vector is provided in the KEY-ARG-DATA. The keys that are produced are not parity adjusted. This step must be performed before proper DES keys are usable.

Recall that the MASTER-KEY is given to the server in the CLIENT-MASTER-KEY message. The CHALLENGE is given to the server by the client in the CLIENT-HELLO message. The CONNECTION-ID is given to the client by the server in the SERVER-HELLO message. This makes the resulting cipher keys a function of the original session and the current session. Note that the master key is never directly used to encrypt data, and therefore cannot be easily discovered.
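The session key production rules for the three cipher families above (the MD5-keyed 16 byte keys, DES-CBC, and DES-EDE3), plus the DES parity adjustment the text requires and the SERVER-READ/WRITE-KEY swap from the Server-Hello discussion, as an added Python example (not code from the patent). MASTER-KEY, CHALLENGE and CONNECTION-ID are constructed sample values; hash_name is "md5" for the WITH_MD5 kinds, and "sha1" is assumed here for the WITH_SHA kinds.

```python
import hashlib


def key_material(hash_name, master_key, label, challenge, connection_id):
    """KEY-MATERIAL-i := HASH[MASTER-KEY, "i", CHALLENGE, CONNECTION-ID].

    label is the ascii byte b"0", b"1" or b"2", or None for the DES-CBC
    kinds, which hash without a label.  Parts are fed left to right.
    """
    h = hashlib.new(hash_name)
    for part in (master_key, label, challenge, connection_id):
        if part is not None:
            h.update(part)
    return h.digest()


def des_parity_adjust(key):
    """Set the low bit of each byte so that every byte has odd parity; the
    raw key material from the hash is not parity adjusted."""
    out = bytearray()
    for b in key:
        high = b & 0xFE
        ones = bin(high).count("1")
        out.append(high | (0 if ones % 2 else 1))
    return bytes(out)


def has_odd_parity(key):
    return all(bin(b).count("1") % 2 == 1 for b in key)


def produce_md5_family_keys(master_key, challenge, connection_id):
    """NULL, RC4, RC2 and IDEA kinds: two 16 byte keys from MD5."""
    km0 = key_material("md5", master_key, b"0", challenge, connection_id)
    km1 = key_material("md5", master_key, b"1", challenge, connection_id)
    return {"CLIENT-READ-KEY": km0[0:16], "CLIENT-WRITE-KEY": km1[0:16]}


def produce_des_keys(hash_name, master_key, challenge, connection_id):
    """DES-64-CBC kinds: one hash, first 8 bytes read, next 8 bytes write."""
    km0 = key_material(hash_name, master_key, None, challenge, connection_id)
    return {"CLIENT-READ-KEY": des_parity_adjust(km0[0:8]),
            "CLIENT-WRITE-KEY": des_parity_adjust(km0[8:16])}


def produce_des_ede3_keys(hash_name, master_key, challenge, connection_id):
    """DES-192-EDE3 kinds: three hashes, six 8 byte keys.  Each KEY-MATERIAL
    is sliced on its own: SHA output is 20 bytes, so concatenating the
    three first would misalign the slices given in the text."""
    km = [key_material(hash_name, master_key, lab, challenge, connection_id)
          for lab in (b"0", b"1", b"2")]
    raw = {
        "CLIENT-READ-KEY-0": km[0][0:8], "CLIENT-READ-KEY-1": km[0][8:16],
        "CLIENT-READ-KEY-2": km[1][0:8], "CLIENT-WRITE-KEY-0": km[1][8:16],
        "CLIENT-WRITE-KEY-1": km[2][0:8], "CLIENT-WRITE-KEY-2": km[2][8:16],
    }
    return {name: des_parity_adjust(k) for name, k in raw.items()}


def server_keys(client_keys):
    """SERVER-READ-KEY := CLIENT-WRITE-KEY, SERVER-WRITE-KEY := CLIENT-READ-KEY."""
    return {name.replace("CLIENT-READ", "SERVER-WRITE")
                .replace("CLIENT-WRITE", "SERVER-READ"): k
            for name, k in client_keys.items()}


if __name__ == "__main__":
    mk, ch, cid = b"M" * 16, b"C" * 16, b"I" * 16   # constructed sample values
    print(produce_md5_family_keys(mk, ch, cid))
    print(produce_des_ede3_keys("sha1", mk, ch, cid))
```

Because CHALLENGE and CONNECTION-ID are fresh per connection, a resumed session (same MASTER-KEY, SESSION-ID-HIT set) still gets new session keys from these functions, which is what the text means by the keys being a function of both the original and the current session.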

Client-DH-Key

The client-DH-key is sent primarily in the clear. The form of the client-DH-key message is as follows:

char MSG-CLIENT-DH-KEY
char Y-LENGTH-MSB
char Y-LENGTH-LSB
char CERTIFICATE-TYPE
char CERTIFICATE-LENGTH-MSB
char CERTIFICATE-LENGTH-LSB
char RANDOM-LENGTH-MSB
char RANDOM-LENGTH-LSB
char Y-DATA[(MSB<<8)|LSB]
char CERTIFICATE-DATA[(MSB<<8)|LSB]
char RANDOM-DATA[(MSB<<8)|LSB]

The client sends this message to the server to finish a Diffie-Hellman style key exchange. The client provides its "Y" value either directly in the Y-DATA or indirectly in the CERTIFICATE-DATA. If the key exchange algorithm is not "anonymous" then the client must provide the certificate data.

The RANDOM-DATA is used by the server and client to produce the MASTER-KEY. This is necessary when mutual authentication is used because otherwise the MASTER-KEY would be a constant.

The CLIENT-SESSION-KEY message must immediately follow this message.

Session Key Production Phase Messages

This message is used by "token" key exchange algorithms. Tokens disallow key material to leave the token unencrypted and because of this the client must communicate to the server the encrypted value of the session keys (because the server cannot produce them).

Client-Session-Key

The client-session-key message format is as follows:

char MSG-CLIENT-SESSION-KEY
char CIPHER-KIND[3]
char CLEAR-KEY1-LENGTH-MSB
char CLEAR-KEY1-LENGTH-LSB
char ENCRYPTED1-KEY-LENGTH-MSB
char ENCRYPTED1-KEY-LENGTH-LSB
char CLEAR-KEY2-LENGTH-MSB
char CLEAR-KEY2-LENGTH-LSB
char ENCRYPTED2-KEY-LENGTH-MSB
char ENCRYPTED2-KEY-LENGTH-LSB
char KEY-ARG-LENGTH-MSB
char KEY-ARG-LENGTH-LSB
char RANDOM-NUMBER-LENGTH-MSB
char RANDOM-NUMBER-LENGTH-LSB
char CLEAR-KEY1-DATA[(MSB<<8)|LSB]
char ENCRYPTED-KEY1-DATA[(MSB<<8)|LSB]
char CLEAR-KEY2-DATA[(MSB<<8)|LSB]
char ENCRYPTED-KEY2-DATA[(MSB<<8)|LSB]
char KEY-ARG-DATA[(MSB<<8)|LSB]
char RANDOM-NUMBER-DATA[(MSB<<8)|LSB]

This message is sent by the client after either the CLIENT-MASTER-KEY message or the CLIENT-DH-KEY message. The message is used to establish one (or two) session keys with the server. Each session key is composed of two pieces: the CLEAR-KEY-DATA and the ENCRYPTED-KEY-DATA. If the CIPHER-KIND indicates an export grade cipher then some of the key data will be sent in the clear (in the CLEAR-KEY-DATA). The CLEAR-KEY-DATA and the ENCRYPTED-KEY-DATA are concatenated to produce a session key. This message allows for two independent session keys to be established. If two keys are used then the first key (KEY1) becomes the CLIENT-WRITE-KEY and the SERVER-READ-KEY. The second key (KEY2) becomes the CLIENT-READ-KEY and the SERVER-WRITE-KEY.

The ENCRYPTED-KEY-DATAs are encrypted using the MASTER-KEY (the MASTER-KEY was established by the CLIENT-DH-KEY message). The RANDOM-NUMBER-DATA is encrypted using KEY1.

The KEY-ARG-DATA is used by ciphers that require some sort of initialization data (e.g. DES's IV). The RANDOM-NUMBER-DATA is used as the SECRET for MAC computations (recall that for tokens the session key data is not available in the clear).
Server Verify Phase Messages

The server-verify message is sent encrypted.

Server-Verify

The server-verify message has the following format:

char MSG-SERVER-VERIFY
char CHALLENGE-DATA[N-1]

The server sends this message after a pair of session keys (SERVER-READ-KEY and SERVER-WRITE-KEY) have been agreed upon either by a session-identifier or by explicit specification with the CLIENT-MASTER-KEY message. The message contains an encrypted copy of the CHALLENGE-DATA sent by the client in the CLIENT-HELLO message.

"N" is the number of bytes in the message that was sent, so "N-1" is the number of bytes in the CHALLENGE-DATA without the message header byte.



This message is used to verify the server as follows. A legitimate server will have the private key that corresponds to the public key contained in the server certificate that was transmitted in the SERVER-HELLO message. Accordingly, the legitimate server will be able to extract and reconstruct the pair of session keys (SERVER-READ-KEY and SERVER-WRITE-KEY). Finally, only a server that has done the extraction and decryption properly can correctly encrypt the CHALLENGE-DATA. This, in essence, "proves" that the server has the private key that goes with the public key in the server's certificate.

The CHALLENGE-DATA must be the exact same length as originally sent by the client in the CLIENT-HELLO message. Its value must match exactly the value sent in the clear by the client in the CLIENT-HELLO message. The client must decrypt this message and compare the value received with the value sent, and only if the values are identical is the server to be "trusted". If the lengths do not match or the value doesn't match then the connection is to be closed by the client.

This message must be sent by the server to the client after either detecting a session-identifier hit (and replying with a SERVER-HELLO message with SESSION-ID-HIT not equal to zero) or when the server receives the CLIENT-MASTER-KEY message. This message must be sent before any Phase 2 messages or a SERVER-FINISHED message.

Client Authentication Phase Messages

Client Authentication messages are sent encrypted.

Request-Certificate

The request-certificate message has the following format:

char MSG-REQUEST-CERTIFICATE
char AUTHENTICATION-TYPE
char CERTIFICATE-CHALLENGE-DATA[N-2]

A server may issue this request asking for the client's certificate. This message can be used with the RSA key exchange algorithm only. The client responds with a CLIENT-CERTIFICATE message immediately if it has one, or an ERROR message (with error code NO-CERTIFICATE-ERROR) if it doesn't. The CERTIFICATE-CHALLENGE-DATA is a short byte string (whose length is greater than or equal to 16 bytes and less than or equal to 32 bytes) that the client will use to respond to this message.

The AUTHENTICATION-TYPE value is used to choose a particular means of authenticating the client. The following types are defined:

SSL_AT_MD5_WITH_RSA_ENCRYPTION

The SSL_AT_MD5_WITH_RSA_ENCRYPTION type requires that the client construct an MD5 message digest using information as described below in the section on the CLIENT-CERTIFICATE message. Once the digest is created, the client encrypts it using its private key (formatted according to the digital signature standard defined in PKCS#1). The server authenticates the client when it receives the CLIENT-CERTIFICATE message.

This message may be sent after a SERVER-VERIFY message and before a SERVER-FINISHED message.

Client-Certificate

The format of the client-certificate message is as follows:

char MSG-CLIENT-CERTIFICATE
char CERTIFICATE-TYPE
char CERTIFICATE-LENGTH-MSB
char CERTIFICATE-LENGTH-LSB
char RESPONSE-LENGTH-MSB
char RESPONSE-LENGTH-LSB
char CERTIFICATE-DATA[MSB<<8|LSB]
char RESPONSE-DATA[MSB<<8|LSB]

This message is sent by an SSL client in response to a server REQUEST-CERTIFICATE message. The CERTIFICATE-DATA contains data defined by the CERTIFICATE-TYPE value. An ERROR message is sent with error code NO-CERTIFICATE-ERROR when this request cannot be answered properly (e.g. the receiver of the message has no registered certificate).

CERTIFICATE-TYPE is one of:

SSL_X509_CERTIFICATE

The CERTIFICATE-DATA contains an X.509 (1988) signed certificate. See CCITT, Recommendation X.509: "The Directory — Authentication Framework", 1988.

SSL_PKCS7_CERTIFICATE

The CERTIFICATE-DATA contains a PKCS-7 formatted certificate list.

The RESPONSE-DATA contains the authentication response data. This data is a function of the AUTHENTICATION-TYPE value sent by the server.

When AUTHENTICATION-TYPE is SSL_AT_MD5_WITH_RSA_ENCRYPTION then the RESPONSE-DATA contains a digital signature of the following components (in the order shown):

1. the KEY-MATERIAL-0
2. the KEY-MATERIAL-1 (only if defined by the cipher kind)
3. the KEY-MATERIAL-2 (only if defined by the cipher kind)
4. the CERTIFICATE-CHALLENGE-DATA (from the REQUEST-CERTIFICATE message)
5. the server's signed certificate (from the SERVER-HELLO message)

The digital signature is constructed using MD5 and then encrypted using the client's private key, formatted according to PKCS#1's digital signature standard. See RSA Laboratories, PKCS#1: RSA Encryption Standard, Version 1.5, Nov. 1993. The server authenticates the client by verifying the digital signature using standard techniques. Note that other digest functions are supported. Either a new AUTHENTICATION-TYPE can be added, or the algorithm-id in the digital signature can be changed.

This message must be sent by the client only in response to a REQUEST-CERTIFICATE message.

Finished Phase Messages

Finished phase messages are sent encrypted.

Client-Finished

The client-finished message has the following format:

char MSG-CLIENT-FINISHED
char CONNECTION-ID-LENGTH-MSB
char CONNECTION-ID-LENGTH-LSB
char HANDSHAKE-HASH-LENGTH-MSB
char HANDSHAKE-HASH-LENGTH-LSB
char CONNECTION-ID-DATA[MSB<<8|LSB]
char HANDSHAKE-HASH-DATA[MSB<<8|LSB]
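The server-verify check and the client-authentication exchange described above, as an added worked example. This is not the patent's text or the SSLRef code: it builds and parses the SERVER-VERIFY, REQUEST-CERTIFICATE and CLIENT-CERTIFICATE messages exactly as laid out above, performs the client-side challenge comparison (length first, then value), and computes the MD5 digest over the five components the client signs. The message-type values are the SSL 2.0 constants; the record-layer encryption that wraps these messages is assumed to happen elsewhere, so the helpers see plaintext bytes, and the PKCS#1 RSA signature over the digest is left out because it needs an RSA library.

```python
import hashlib
import hmac

# SSL 2.0 handshake message type codes and the type values used above.
MSG_SERVER_VERIFY = 5
MSG_REQUEST_CERTIFICATE = 7
MSG_CLIENT_CERTIFICATE = 8
SSL_CT_X509_CERTIFICATE = 0x01
SSL_AT_MD5_WITH_RSA_ENCRYPTION = 0x01


class HandshakeError(Exception):
    """A malformed handshake message; the caller closes the connection."""


def build_server_verify(challenge):
    """MSG-SERVER-VERIFY followed by CHALLENGE-DATA[N-1]."""
    return bytes([MSG_SERVER_VERIFY]) + challenge


def check_server_verify(msg, sent_challenge):
    """Client-side check of a (decrypted) SERVER-VERIFY message: the
    returned challenge must have exactly the length sent in CLIENT-HELLO
    and the same value, otherwise the server is not trusted. The
    comparison is constant-time so timing does not leak the first
    mismatching byte."""
    if not msg or msg[0] != MSG_SERVER_VERIFY:
        raise HandshakeError("expected MSG-SERVER-VERIFY")
    received = msg[1:]
    if len(received) != len(sent_challenge):
        return False
    return hmac.compare_digest(received, sent_challenge)


def build_request_certificate(cert_challenge,
                              auth_type=SSL_AT_MD5_WITH_RSA_ENCRYPTION):
    """MSG-REQUEST-CERTIFICATE, AUTHENTICATION-TYPE, then 16..32 bytes of
    CERTIFICATE-CHALLENGE-DATA."""
    if not 16 <= len(cert_challenge) <= 32:
        raise ValueError("CERTIFICATE-CHALLENGE-DATA must be 16..32 bytes")
    return bytes([MSG_REQUEST_CERTIFICATE, auth_type]) + cert_challenge


def parse_request_certificate(msg):
    """Returns (AUTHENTICATION-TYPE, CERTIFICATE-CHALLENGE-DATA)."""
    if len(msg) < 2 or msg[0] != MSG_REQUEST_CERTIFICATE:
        raise HandshakeError("expected MSG-REQUEST-CERTIFICATE")
    auth_type, challenge = msg[1], msg[2:]
    if not 16 <= len(challenge) <= 32:
        raise HandshakeError("bad CERTIFICATE-CHALLENGE-DATA length")
    return auth_type, challenge


def client_auth_digest(key_material, cert_challenge, server_cert):
    """The MD5 digest the client signs for SSL_AT_MD5_WITH_RSA_ENCRYPTION:
    KEY-MATERIAL-0, -1, -2 (as many as the cipher kind defines), then the
    CERTIFICATE-CHALLENGE-DATA, then the server's certificate, in that
    order. Signing the digest (PKCS#1) is not shown."""
    h = hashlib.md5()
    for km in key_material:
        h.update(km)
    h.update(cert_challenge)
    h.update(server_cert)
    return h.digest()


def build_client_certificate(cert, response, cert_type=SSL_CT_X509_CERTIFICATE):
    """Two 16-bit big-endian lengths (MSB<<8|LSB) precede the two
    variable-length fields, as in the message layout above."""
    return (bytes([MSG_CLIENT_CERTIFICATE, cert_type])
            + len(cert).to_bytes(2, "big")
            + len(response).to_bytes(2, "big")
            + cert + response)


def parse_client_certificate(msg):
    """Returns (CERTIFICATE-TYPE, CERTIFICATE-DATA, RESPONSE-DATA); the
    two length fields must account for every byte of the message."""
    if len(msg) < 6 or msg[0] != MSG_CLIENT_CERTIFICATE:
        raise HandshakeError("expected MSG-CLIENT-CERTIFICATE")
    cert_type = msg[1]
    cert_len = (msg[2] << 8) | msg[3]
    resp_len = (msg[4] << 8) | msg[5]
    if len(msg) != 6 + cert_len + resp_len:
        raise HandshakeError("length fields do not match message size")
    return cert_type, msg[6:6 + cert_len], msg[6 + cert_len:]


if __name__ == "__main__":
    challenge = bytes(range(16))          # constructed sample CHALLENGE-DATA
    print(check_server_verify(build_server_verify(challenge), challenge))
    cert = b"constructed-stand-in-for-a-DER-certificate"
    digest = client_auth_digest([b"k" * 16], b"c" * 16, cert)
    print(parse_client_certificate(build_client_certificate(cert, digest)))
```

The two parsers reject a message whose declared lengths disagree with its actual size rather than silently reading short; on a real connection that is the point at which an ERROR is sent and the connection closed.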
The client sends this message when it is satisfied with the server. Note that the client must continue to listen for server messages until it receives a SERVER-FINISHED message. The CONNECTION-ID data is the original connection-identifier the server sent with its SERVER-HELLO message.

The HANDSHAKE-HASH data is the hash of the client's handshake messages sent previously to the server. The hash function used is defined by the agreed upon cipher (e.g., MD5). The client initializes the hash function at the beginning of the communications session and feeds into it every SSL record sent to the server. The entire record is fed in, including the record header, MAC, record data and optional padding. If the record was sent encrypted then the encrypted data is fed to the hash function, otherwise the clear data is used. The data is fed to the hash function in the same order as it is transmitted. When the client is ready to send the CLIENT-FINISHED message, the client "finalizes" the hash function, retrieving from it the final hash value (in the case of MD5, 128 bits of data).

Note that data sent prior to discovery of the hash function must be saved by the client so that it can be fed to the hash function once the hash function is determined.

Also note that the client authentication messages will not be protected under the cover of the HANDSHAKE-HASH. This is not a problem, however, because the CLIENT-CERTIFICATE message is sent encrypted and is already protected by a MAC.

For version 2 of the protocol, the client must send this message after it has received the SERVER-HELLO message. If the SERVER-HELLO message SESSION-ID-HIT flag is non-zero then the CLIENT-FINISHED message is sent immediately, otherwise the CLIENT-FINISHED message is sent after the CLIENT-MASTER-KEY message.

Client-Finished-V2

char MSG-CLIENT-FINISHED-V2
char CONNECTION-ID[N-1]

The client sends this message when it is satisfied with the server. Note that the client must continue to listen for server messages until it receives a SERVER-FINISHED message. The CONNECTION-ID data is the original connection-identifier the server sent with its SERVER-HELLO message, encrypted using the agreed upon session key.

"N" is the number of bytes in the message that was sent, so "N-1" is the number of bytes in the message without the message header byte.

For version 2 of the protocol, the client must send this message after it has received the SERVER-HELLO message. If the SERVER-HELLO message SESSION-ID-HIT flag is non-zero then the CLIENT-FINISHED message is sent immediately, otherwise the CLIENT-FINISHED message is sent after the CLIENT-MASTER-KEY message.

Server-Finished

char MSG-SERVER-FINISHED
char SESSION-ID-LENGTH-MSB
char SESSION-ID-LENGTH-LSB
char HANDSHAKE-HASH-LENGTH-MSB
char HANDSHAKE-HASH-LENGTH-LSB
char SESSION-ID-DATA[MSB<<8|LSB]
char HANDSHAKE-HASH-DATA[MSB<<8|LSB]

The server sends this message when it is satisfied with the client's security handshake and is ready to proceed with transmission/reception of the higher level protocol's data. The SESSION-ID is used by the client and the server at this time to add entries to their respective session-identifier caches. The session-identifier caches must contain a copy of the necessary data needed to reconstruct the security enhancements.

The HANDSHAKE-HASH data is the hash of the server's handshake messages sent previously to the client. The hash function used is defined by the agreed upon cipher (e.g., MD5). The server initializes the hash function at the beginning of the communications session and feeds into it every SSL record sent to the client. The entire record is fed in, including the record header, MAC, record data and optional padding. If the record was sent encrypted then the encrypted data is fed to the hash function, otherwise the clear data is used. The data is fed to the hash function in the same order as it is transmitted. When the server is ready to send the SERVER-FINISHED message, the server "finalizes" the hash function, retrieving from it the final hash value (in the case of MD5, 128 bits of data).

Note that data sent prior to discovery of the hash function must be saved by the server so that it can be fed to the hash function once the hash function is determined.

This message must be sent after the SERVER-VERIFY message.

Server-Finished-V2

char MSG-SERVER-FINISHED-V2
char SESSION-ID-DATA[N-1]

The server sends this message when it is satisfied with the client's security handshake and is ready to proceed with transmission/reception of the higher level protocol's data. The SESSION-ID-DATA is used by the client and the server at this time to add entries to their respective session identifier caches. The session-identifier caches must contain a copy of the MASTER-KEY sent in the CLIENT-MASTER-KEY message, as the master key is used for all subsequent session key generation.

"N" is the number of bytes in the message that was sent, so "N-1" is the number of bytes in the SESSION-ID-DATA without the message header byte.

This message must be sent after the SERVER-VERIFY message.

Glossary of Terms

The words in this specification shall have their commonly accepted meaning in the relevant art except where specified otherwise. The following glossary is not intended to alter the common meaning of the terms explained in this section. The purpose [...] understanding [...] specification.

Application Protocol

An application protocol is a protocol that normally layers above TCP/IP. For example: HTTP, TELNET, [...]

Authentication

Authentication is the ability of one entity to determine the [...]

Certificate

[...] between a public key and a name and the [...]

Bulk Cipher

[...] with certain performance properties. Bulk ciphers are used when large quantities of data are to be encrypted/decrypted in a timely manner. Examples include RC2, RC4, [...]

Client

In this specification client generally refers to the application entity that initiates a connection to a server.
CLIENT-READ-KEY

The session key that the client uses to initialize the client read cipher. This key has the same value as the SERVER-WRITE-KEY.

CLIENT-WRITE-KEY

The session key that the client uses to initialize the client write cipher. This key has the same value as the SERVER-READ-KEY.

MASTER-KEY

The master key that the client and server use for all session key generation. The CLIENT-READ-KEY, CLIENT-WRITE-KEY, SERVER-READ-KEY and SERVER-WRITE-KEY are generated from the MASTER-KEY.

MD2

MD2 is a well known hashing function that converts an arbitrarily long data stream into a digest of fixed size. This function predates MD5, also a well known hashing function, which is viewed as a more robust hash function.

MD5

MD5 is a well known hashing function that converts an arbitrarily long data stream into a digest of fixed size. The function has certain properties that make it useful for security, the most important of which is its inability to be reversed.

Nonce

A randomly generated value used to defeat "playback" attacks. One party randomly generates a nonce and sends it to the other party. The receiver encrypts it using the agreed upon secret key and returns it to the sender. Because the nonce was randomly generated by the sender this defeats playback attacks, because the replayer can't know in advance the nonce the sender will generate. The receiver denies connections that do not have the correctly encrypted nonce.

Non-repudiable Information Exchange

When two entities exchange information it is sometimes valuable to have a record of the communication that is non-repudiable. Neither party can then deny that the information exchange occurred. Version 2 of the SSL protocol does not support non-repudiable information exchange.

Public Key Encryption

Public key encryption is a technique that leverages asymmetric ciphers. A public key system consists of two keys: a public key and a private key. Messages encrypted with the public key can only be decrypted with the associated private key. Conversely, messages encrypted with the private key can only be decrypted with the public key. Public key encryption tends to be extremely compute intensive and so is not suitable as a bulk cipher.

Privacy

Privacy is the ability of two entities to communicate without fear of eavesdropping. Privacy is often implemented by encrypting the communications stream between the two entities.

RC2, RC4

Well known bulk ciphers developed by RSA. RC2 is a block cipher and RC4 is a stream cipher.

Server

In this specification, server generally refers to the application entity that responds to requests for connections from clients. The server generally is passive, waiting for requests from clients.
Session cipher

A session cipher is a "bulk" cipher that is capable of encrypting or decrypting arbitrarily large amounts of data. Session ciphers are used primarily for performance reasons. The session ciphers used by this protocol are symmetric. Symmetric ciphers have the property of using a single key for encryption and decryption.

Session identifier

A session identifier is a random value generated by a client that identifies itself to a particular server. The session identifier can be thought of as a handle that both parties use to access a recorded secret key (in our case a session key). If both parties remember the session identifier then the implication is that the secret key is already known and need not be negotiated.

Session key

The key to the session cipher. In SSL there are four keys that are called session keys: CLIENT-READ-KEY, CLIENT-WRITE-KEY, SERVER-READ-KEY, and SERVER-WRITE-KEY.

SERVER-READ-KEY

The session key that the server uses to initialize the server read cipher. This key has the same value as the CLIENT-WRITE-KEY.

SERVER-WRITE-KEY

The session key that the server uses to initialize the server write cipher. This key has the same value as the CLIENT-READ-KEY.

Symmetric Cipher

A symmetric cipher has the property that the same key can be used for decryption and encryption. An asymmetric cipher does not have this behavior. Some examples of symmetric ciphers: IDEA, RC2, RC4.
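The HANDSHAKE-HASH computation of the Finished phase messages described earlier, as an added worked example (not the patent's text or the SSLRef code). It follows the rules given there: every record is fed in exactly as transmitted (header, MAC, data and optional padding; ciphertext if the record was encrypted), in transmission order; records sent before the cipher kind, and hence the hash function, is agreed are held back and replayed once it is known; and the peer recomputes the same value over the records it received. The record framing assumed here is the SSL 2.0 record layer (2-byte header when there is no padding, 3-byte header otherwise), and the sample records are constructed for the demonstration.

```python
import hashlib
import hmac

MSG_CLIENT_FINISHED = 3
MSG_SERVER_FINISHED = 6


class HandshakeHash:
    """One side's running hash over the records it has sent (the receiving
    side keeps an identical object over the records it has seen arrive)."""

    def __init__(self):
        self._pending = []   # records sent before the hash function is known
        self._h = None

    def set_function(self, name):
        """Called once the cipher kind is agreed (e.g. "md5"): initializes
        the hash and replays every record saved so far, in order."""
        self._h = hashlib.new(name)
        for rec in self._pending:
            self._h.update(rec)
        self._pending = []

    def feed(self, record):
        """Feed one record exactly as it went on the wire."""
        if self._h is None:
            self._pending.append(record)
        else:
            self._h.update(record)

    def finalize(self):
        """The value placed in HANDSHAKE-HASH-DATA (16 bytes for MD5)."""
        if self._h is None:
            raise RuntimeError("hash function not agreed yet")
        return self._h.digest()


def frame_record(body, padding=b""):
    """Wrap MAC+data (already encrypted once the connection is encrypted)
    plus optional padding in an SSL 2.0 record header."""
    data = body + padding
    n = len(data)
    if padding:
        # 3-byte header: bit 7 clear, 14-bit length, then the padding length
        return bytes([(n >> 8) & 0x3F, n & 0xFF, len(padding)]) + data
    # 2-byte header: bit 7 set, 15-bit length
    return bytes([0x80 | ((n >> 8) & 0x7F), n & 0xFF]) + data


def build_finished(msg_type, id_data, hash_data):
    """CLIENT-FINISHED (CONNECTION-ID) or SERVER-FINISHED (SESSION-ID):
    two MSB/LSB length pairs, then the two variable-length fields."""
    return (bytes([msg_type])
            + len(id_data).to_bytes(2, "big")
            + len(hash_data).to_bytes(2, "big")
            + id_data + hash_data)


def parse_finished(msg, expected_type):
    """Returns (ID-DATA, HANDSHAKE-HASH-DATA); lengths must add up."""
    if len(msg) < 5 or msg[0] != expected_type:
        raise ValueError("unexpected message type")
    id_len = (msg[1] << 8) | msg[2]
    hash_len = (msg[3] << 8) | msg[4]
    if len(msg) != 5 + id_len + hash_len:
        raise ValueError("length fields do not match message size")
    return msg[5:5 + id_len], msg[5 + id_len:]


def peer_hash_matches(received_hash, expected_hash):
    """Constant-time comparison of the carried hash with the recomputed one."""
    return hmac.compare_digest(received_hash, expected_hash)


def demo():
    # Constructed sample records: a clear record sent before the cipher is
    # known, then an encrypted record carrying a 16-byte MAC and padding.
    hello = frame_record(b"\x01constructed-client-hello")
    later = frame_record(b"\x00" * 16 + b"\xaa\xbb\xcc", padding=b"\x00" * 5)
    client = HandshakeHash()
    client.feed(hello)             # saved: hash function not agreed yet
    client.set_function("md5")     # a cipher kind with MD5 is now agreed
    client.feed(later)
    # The server hashes the same bytes in the same order and must agree.
    server_view = hashlib.md5(hello + later).digest()
    msg = build_finished(MSG_CLIENT_FINISHED, b"connid", client.finalize())
    conn_id, hh = parse_finished(msg, MSG_CLIENT_FINISHED)
    return conn_id, peer_hash_matches(hh, server_view)


if __name__ == "__main__":
    print(demo())
```

Because the encrypted form of a record is what gets hashed, a record that was tampered with in transit changes the peer's recomputed value even though the MAC inside it would already catch the tampering; the Finished hash is what binds the whole ordered sequence of handshake records, not any single one.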

J. Source Code Listing

The following source code, which is hereby incorporated into this application, is used to implement the SSL library in accordance with a presently preferred embodiment of the invention. It will be appreciated that it is possible to implement the SSL library using different computer code without departing from the scope of the invention. This listing is provided merely to illustrate the best mode currently known to the inventors to practice the invention. Thus, neither the foregoing description nor the following source code listing is intended to limit the invention which is defined in the appended claims.

Notice of Copyright

A portion of the disclosure of this patent document contains material which is subject to copyright protection. The copyright owner has no objection to the facsimile reproduction by any one of the patent document or the patent disclosure, as it appears in the Patent and Trademark Office patent file or records, but otherwise reserves all copyright rights whatsoever.
ssl.h

/*
** Copyright (c) 1995. Netscape Communications Corporation. All rights
** reserved. This use of this Secure Sockets Layer Reference
** Implementation (the "Software") is governed by the terms of the SSL
** Reference Implementation License Agreement. Please read the
** accompanying "License" file for a description of the rights granted.
** Any other third party materials you use with this Software may be
** subject to additional license restrictions from the licensors of such
** third party software and/or additional export restrictions. The SSL
** Implementation License Agreement grants you no rights to any such
** third party material.
*/

#ifndef sslref_ssl_h
#define sslref_ssl_h

#include "ssltypes.h"

/*
** Simple API provided to applications that use SSL.
*/

/* Create an SSL handle for 'fd' */
extern SSLHandle *SSL_Create(int fd, int flags);
#define SSL_ENCRYPT_MASK   (1<<0)
#define SSL_ENCRYPT        (1<<0)   /* encrypt the connection */
#define SSL_DONT_ENCRYPT   (0)      /* dont encrypt the connection */
#define SSL_PROXY_MASK     (3<<1)
#define SSL_SECURE_PROXY   (2<<1)   /* use sockd as proxy */   /* value illegible in the scan; inferred from the mask */
#define SSL_PROXY          (1<<1)   /* use sockd as proxy */   /* value illegible in the scan; inferred from the mask */
#define SSL_NO_PROXY       (0)      /* direct connection */

/* Destroy an SSL handle for 'fd' */
extern void SSL_Destroy(SSLHandle *h);

/*
** Configure SSL server information.
**   'cert'    pointer to the X509 certificate information
**   'certLen' length of the X509 certificate information
**   'privKey' the server's private key
*/
extern void SSL_ServerInfo(unsigned char *cert, int certLen,
                           RSAPrivateKey *privKey);

/*
** Configure authentication hook. The 'hook' function is called after a
** certificate has been received and validated by SSL. The 'hook'
** returns nonzero if it accepts the certificate, or zero if it
** doesn't. The 'arg' value is an untyped pointer that can be used to
** pass information to the 'hook' function.
*/
extern void SSL_AuthHook(int (*hook)(void *arg, unsigned char *cert,
                                     unsigned certLen),
                         void *arg);

/*
** Configure SSL client information.
**   'cert'    pointer to the certificate information
**   'certLen' length of the X509 certificate information
**   'privKey' the client's private key
*/
extern void SSL_ClientInfo(unsigned char *cert, int certLen,
                           RSAPrivateKey *privKey);

/*
** Perform the handshake protocol using h. Return the status of the
** handshake.
**   'h'   the handle to the ssl connection
**   'how' determines how to perform the handshake. If 'how' is zero
**         then the handshake is done as an SSL client. If 'how' is one
**         then the handshake is done as an SSL server. If 'how' is two
**         then the handshake is done as an SSL server and requires
**         clients to authenticate themselves.
*/
extern int SSL_Handshake(SSLHandle *h, int how);
/* Values for 'how' */
#define SSL_HANDSHAKE_AS_CLIENT                  0
#define SSL_HANDSHAKE_AS_SERVER                  1
#define SSL_HANDSHAKE_AS_SERVER_WITH_CLIENT_AUTH 2

/* Basic i/o operations */
extern int SSL_Read(SSLHandle *h, void *buf, int len);
extern int SSL_Write(SSLHandle *h, void *buf, int len);

/* Socket operations */
extern int SSL_Connect(SSLHandle *h, const void *sa, int salen);
extern int SSL_Bind(SSLHandle *h, const void *sa, int salen,
                    long dstaddr);   /* type of dstaddr illegible in the scan */
extern int SSL_Listen(SSLHandle *h, int backlog);
extern SSLHandle *SSL_Accept(SSLHandle *h, void *addr, int *addrlenp);
extern int SSL_Getsockname(SSLHandle *h, void *name, int *namelenp);
extern SSLHandle *SSL_Rcmd(char **ahost,
                           int inport,
                           char *locuser,
                           char *rmuser,
                           char *cmd,
                           SSLHandle **hSp,
                           int createFlags);
extern int SSL_HandleToFD(SSLHandle *h);

/* Error codes. These are the return values */
#define SSL_ERROR_NO_CIPHERS                   -1
#define SSL_ERROR_NO_CERTIFICATE               -2   /* digit illegible in the scan; matches SSL_PE_NO_CERTIFICATE below */
#define SSL_ERROR_BAD_CERTIFICATE              -4
#define SSL_ERROR_UNSUPPORTED_CERTIFICATE_TYPE -6
#define SSL_ERROR_IO                           -10
#define SSL_ERROR_BAD_MESSAGE                  -11
#define SSL_ERROR_BAD_MAC                      -12
#define SSL_ERROR_UNSUPPORTED                  -13
#define SSL_ERROR_BAD_CERT_SIG                 -14
#define SSL_ERROR_BAD_CERT                     -15
#define SSL_ERROR_BAD_PEER                     -16
#define SSL_ERROR_PERMISSION_DENIED            -17  /* digits illegible in the scan; next in sequence */

/*
** Various and sundry protocol constants. DON'T CHANGE THESE. These
** values are defined by the SSL protocol specification.
*/
#define SSL_PROTOCOL_VERSION 2

/* Security handshake protocol codes */
#define SSL_MT_ERROR               0
#define SSL_MT_CLIENT_HELLO        1
#define SSL_MT_CLIENT_MASTER_KEY   2
#define SSL_MT_CLIENT_FINISHED     3
#define SSL_MT_SERVER_HELLO        4
#define SSL_MT_SERVER_VERIFY       5
#define SSL_MT_SERVER_FINISHED     6
#define SSL_MT_REQUEST_CERTIFICATE 7
#define SSL_MT_CLIENT_CERTIFICATE  8

/* Cypher kind's */
#define SSL_CK_RC4_128_WITH_MD5               0x01,0x00,0x80
#define SSL_CK_RC4_128_EXPORT40_WITH_MD5      0x02,0x00,0x80
#define SSL_CK_RC2_128_CBC_WITH_MD5           0x03,0x00,0x80
#define SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5  0x04,0x00,0x80
#define SSL_CK_IDEA_128_CBC_WITH_MD5          0x05,0x00,0x80
#define SSL_CK_DES_64_CBC_WITH_MD5            0x06,0x00,0x40
#define SSL_CK_DES_192_EDE3_CBC_WITH_MD5      0x07,0x00,0xC0

/* Certificate type's */
#define SSL_CT_X509_CERTIFICATE 0x01

/* Authentication type's */
#define SSL_AT_MD5_WITH_RSA_ENCRYPTION 0x01

/* Error codes */
#define SSL_PE_NO_CIPHER                    0x0001
#define SSL_PE_NO_CERTIFICATE               0x0002
#define SSL_PE_BAD_CERTIFICATE              0x0004
#define SSL_PE_UNSUPPORTED_CERTIFICATE_TYPE 0x0006

/* Limits */
#define SSL_MAX_BLOCK_CIPHER_LEN 0x3fff

#endif /* sslref_ssl_h */
ssltypes.h

#ifndef sslref_ssltypes_h
#define sslref_ssltypes_h

typedef struct DERLayoutStr DERLayout;
typedef struct DESContextStr DESContext;
typedef struct MDContextStr MDContext;
typedef struct PKCS5KeyStr PKCS5Key;       /* "5" vs "8" illegible in the scan */
typedef struct RNGContextStr RNGContext;
typedef struct RSAPrivateKeyStr RSAPrivateKey;
typedef struct RSAPublicKeyStr RSAPublicKey;
typedef struct SSLHandleStr SSLHandle;

#endif /* sslref_ssltypes_h */
sslcfg.h

#ifndef sslref_cfg   /* rest of the guard name and its #define are illegible in the scan */

#undef BSAFE_WORKS

#ifdef BSAFE
#include "bsafe2/source/global.h"
#include "bsafe2/source/bsafe2.h"
#else /* !BSAFE */
#include "rsaref20/source/global.h"
#include "rsaref20/source/rsaref.h"
#include "rsaref20/source/rsa.h"
#endif /* BSAFE */
ssllib.h

#ifndef sslref_ssllib_h
#define sslref_ssllib_h

/*
** Security library used by SSL implementation and applications.
** Provides some basic capabilities wrapped up so that the underlying
** crypto library can be hidden.
*/

#include <sys/types.h>
#include "ssltypes.h"
#include "sslcfg.h"

#include <stdlib.h>
#include <stdio.h>
#include <unistd.h>
#include <string.h>
#include <netinet/in.h>

/* XXX */
extern unsigned char _ssl_ck_des64[3];
#define CIPHER_KIND _ssl_ck_des64

struct RNGContextStr {
#ifdef BSAFE
    B_ALGORITHM_OBJ rng;
#else
    unsigned char state[16];
    /* two further members are illegible in the scan */
#endif
};

struct RSAPrivateKeyStr {
#ifdef BSAFE
    B_KEY_OBJ key;
#else /* !BSAFE */
    R_RSA_PRIVATE_KEY key;
#endif /* BSAFE */
};

struct RSAPublicKeyStr {
#ifdef BSAFE
    B_KEY_OBJ key;
#else /* !BSAFE */
    R_RSA_PUBLIC_KEY key;
#endif /* BSAFE */
};

/*
** A handle, used to contain the state of the protocol machinery.
*/
typedef struct SSLSocksInfoStr SSLSocksInfo;
struct SSLSocksInfoStr {
    int direct;
    int didBind;

    unsigned long sockdHost;
    unsigned short sockdPort;
    struct sockaddr_in bindAddr;

    /* Data returned by sockd */
    unsigned long destHost;
    unsigned short destPort;
};

struct SSLHandleStr {
    /* Underlying unix file descriptor */
    int fd;

    int isServer;
    int serverFinished;
    int clientFinished;
    int createFlags;
    SSLSocksInfo *socks;

    /* Handshake state */
    int haveSID;
    unsigned char *clientChallenge;
    unsigned clientChallengeLen;
    unsigned char *connectionID;
    unsigned connectionIDLen;
    unsigned char *authChallenge;
    unsigned authChallengeLen;
    RSAPublicKey *pubKey;

    /* MAC state */
    int sendSeq;
    int rcvSeq;

    /* Record layer state */
    unsigned char header[3];   /* array size illegible in the scan */
    int padding;

    /* Read buffer */
    unsigned char *base;
    unsigned char *next;       /* member name illegible in the scan */
    int space;
    int len;

    /* Cipher state */
    unsigned char *readKey;
    unsigned readKeyLen;
    unsigned char *writeKey;
    unsigned writeKeyLen;

    /* Session-id stuff */
    unsigned char *sessionID;
    unsigned sessionIDLen;
    unsigned char *km;
    unsigned kmLen;
    unsigned char cipherKind[3];
    unsigned char *keyArg;
    unsigned keyArgLen;
    unsigned char *masterKey;
    unsigned masterKeyLen;
    unsigned char *peerCert;
    unsigned peerCertLen;

    DESContext *readcx, *writecx;
};

#define MSB(x) ((unsigned char) ((((unsigned)(x)) >> 8) & 0xff))
#define LSB(x) ((unsigned char) (((unsigned)(x)) & 0xff))
#define COMBINE(p) (((p)[0] << 8) | ((p)[1]))

#define MD2SIZE 16
#define MD5SIZE 16

#define SSL_MD2 1

#define DER_INTEGER          0x02
#define DER_BIT_STRING       0x03
#define DER_OCTET_STRING     0x04
#define DER_NULL             0x05
#define DER_OBJECT_ID        0x06
#define DER_SEQUENCE         0x10
#define DER_SET              0x11
#define DER_PRINTABLE_STRING 0x13
#define DER_T61_STRING       0x14
#define DER_IA5_STRING       0x16
#define DER_UTC_TIME         0x17

#define DER_CONSTRUCTED      0x20

#define DER_UNIVERSAL        0x00
#define DER_APPLICATION      0x40
#define DER_CONTEXT_SPECIFIC 0x80
#define DER_PRIVATE          0xc0

#define DER_ANY              0x100

struct DERLayoutStr {
    unsigned char *item;   /* member name illegible in the scan; further members illegible */
};

extern unsigned DER_GetHeaderLen(unsigned char *der, unsigned *lenp);
extern long DER_GetInteger(unsigned char *der);
extern void DER_EncodeStr(unsigned char **dest, unsigned *destlenp, int type,
                          unsigned char *src, unsigned srclen);
extern void DER_EncodeInt(unsigned char **dest, unsigned *destlenp, int type,
                          long value);   /* function name illegible in the scan */
extern void DER_EncodeSeq(unsigned char **dest, unsigned *destlenp, int type,
                          unsigned char *src1, unsigned srclen1, ...);   /* trailing parameters illegible in the scan */
extern int DER_DecodeSeq(DERLayout *seq, int nseq, int type,
                         unsigned char *src, unsigned srclen);

extern DESContext *DES_CreateContext(unsigned char *key, unsigned char *iv,
                                     int encrypt);
extern void DES_DestroyContext(DESContext *cx);
extern void DES_Encrypt(DESContext *cx, unsigned char *out, unsigned *outlen,
                        unsigned char *in, unsigned inlen);
extern void DES_Decrypt(DESContext *cx, unsigned char *out, unsigned *outlen,
                        unsigned char *in, unsigned inlen);

extern MDContext *MD_CreateContext(int type);
extern void MD_GetDigest(MDContext *cx, unsigned char *digest, unsigned *lenp);   /* function name illegible in the scan */
extern void MD_DestroyContext(MDContext *cx);

extern RSAPrivateKey *PKCS1_CreatePrivateKey(RNGContext *rng, int keylen,
                                             ...);   /* remaining parameters illegible in the scan */
extern void PKCS1_DestroyPrivateKey(RSAPrivateKey *key);
extern unsigned PKCS1_GetPrivateKeySize(RSAPrivateKey *key);
extern void PKCS1_PrivateEncrypt(RSAPrivateKey *key,
                                 unsigned char *out, unsigned *outlen,
                                 unsigned char *in, unsigned inlen);

/* PKCS7 prototypes: illegible in the scan */

#endif /* sslref_ssllib_h */
sslcert.c

#include "ssllib.h"

/* PEM (RFC 1421) message boundary; the exact dashes are illegible in the scan */
#define BEGIN "-----BEGIN PRIVACY-ENHANCED MESSAGE-----"

/* Strip trailing newline / carriage-return characters in place */
static void ZapNL(char *cp)
{
    int len;

    len = strlen(cp);
    while (len) {
        if ((cp[len-1] == '\n') || (cp[len-1] == '\r')) {
            cp[--len] = 0;
        } else
            break;
    }
}

/* Append b to the malloc'd string a (a may be null); returns the new string */
static char *Cat(char *a, char *b)
{
    if (a) {
        a = (char*) realloc(a, strlen(a) + strlen(b) + 1);
        strcat(a, b);
    } else {
        a = (char*) malloc(strlen(b) + 1);
        strcpy(a, b);
    }
    return a;
}

/* Case-insensitive comparison of the first n characters */
static int StrncaseCmp(char *a, char *b, int n)
{
    char ca, cb;

    while (--n >= 0) {
        ca = *a++;
        cb = *b++;
        if (ca != cb) {
            if (ca == 0) return -1;
            if (cb == 0) return 1;
            if ((ca >= 'A') && (ca <= 'Z')) {
                ca += 32;
            }
            if ((cb >= 'A') && (cb <= 'Z')) {
                cb += 32;
            }
            if (ca != cb) return ca - cb;
        }
    }
    return 0;
}

/*
** Map the next non-blank base64 character to 1 + its 6-bit value,
** 0 for the '=' pad character, and -1 for anything else.
*/
static int Map(char **cpp, int *lenp)
{
    char c, *cp;
    int len;

    cp = *cpp;
    len = *lenp;
    c = 0;
    while (len) {
        c = *cp++;
        len--;
        if (c != ' ') {
            break;            /* body of this if is illegible in the scan */
        }
    }
    *cpp = cp;
    *lenp = len;
    if ((c >= 'A') && (c <= 'Z')) {
        return 1 + (int) (c - 'A');
    }
    if ((c >= 'a') && (c <= 'z')) {
        return 1 + 26 + (int) (c - 'a');
    }
    if ((c >= '0') && (c <= '9')) {
        return 1 + 52 + (int) (c - '0');
    }
    if (c == '+') return 1 + 62;
    if (c == '/') return 1 + 63;
    if (c == '=') return 0;
    return -1;
}

/*
** Load a certificate from fp. Handles [...] from a PEM based certificate
** authority.
*/
int SSL_LoadCertificate(unsigned char **cert, unsigned *certLen, FILE *fp)
{
    unsigned char *bin, *bp;
    unsigned binlen;
    char line[1000];
    char *body, *cp, *body0;
    int got, bodylen, b0, b1, b2, b3;

    got = 0;
    body = 0;
    bin = 0;
    for (;;) {
        cp = fgets(line, sizeof(line), fp);
        if (!cp) break;
        ZapNL(cp);
        if (strcmp(cp, BEGIN) == 0) {
            got = 1;
        } else if (got == 1) {
            if (StrncaseCmp(cp, "originator-certificate:", 23) == 0) {
                cp = strchr(cp, ':');
                cp++;
                body = Cat(body, cp);
                got = 2;
            }
        } else if (got == 2) {
            /* continuation lines of the header start with white space */
            if ((cp[0] == ' ') || (cp[0] == '\t')) {
                body = Cat(body, cp);
            } else
                break;
        }
    }
    body0 = body;

    if ((got != 2) || !body) goto loser;
    bodylen = strlen(body);

    /* convert body (base64 encoding) back to binary */
    binlen = (bodylen / 4) * 3;
    bin = bp = (unsigned char*) malloc(binlen);
    while (bodylen) {
        b0 = Map(&body, &bodylen);
        if (b0 < 0) goto loser;
        b1 = Map(&body, &bodylen);
        if (b1 < 0) goto loser;
        b2 = Map(&body, &bodylen);
        if (b2 < 0) goto loser;
        b3 = Map(&body, &bodylen);
        if (b3 < 0) goto loser;
        b0--;
        b1--;
        if (b2 == 0) {
            /* "xx==": one output byte */
            bp[0] = (b0 << 2) | ((b1 >> 4) & 0x3);
            bp++;
        } else if (b3 == 0) {
            /* "xxx=": two output bytes */
            b2--;
            bp[0] = (b0 << 2) | ((b1 >> 4) & 0x3);
            bp[1] = ((b1 & 0xf) << 4) | ((b2 >> 2) & 0xf);
            bp += 2;
        } else {
            b2--;
            b3--;
            bp[0] = (b0 << 2) | ((b1 >> 4) & 0x3);
            bp[1] = ((b1 & 0xf) << 4) | ((b2 >> 2) & 0xf);
            bp[2] = ((b2 & 0x3) << 6) | b3;
            bp += 3;
        }
    }

    free(body0);
    *cert = bin;
    *certLen = bp - bin;
    return 0;

  loser:
    *cert = 0;
    *certLen = 0;
    if (bin) free(bin);
    free(body0);
    return -1;
}
/*
** Copyright (c) 1995, Netscape Communications Corporation. All rights
** reserved. This use of this Secure Sockets Layer Reference
** Implementation (the "Software") is governed by the terms of the SSL
** Reference Implementation License Agreement. Please read the
** accompanying "License" file for a description of the rights granted.
**
** Any other third party materials you use with this Software may be
** subject to license restrictions from the licensors of such
** third party software and/or additional export restrictions. The SSL
** Reference Implementation License Agreement grants you no rights to any such
** third party material.
*/

#include "ssl.h"
#include "ssllib.h"

#include <assert.h>
#include <unistd.h>
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <time.h>
#include <sys/socket.h>
#include <netinet/in.h>



/* Server info */
static unsigned char *server_cert;
static int server_certLen;
static RSAPrivateKey *server_key;

/* Client info */
static unsigned char *client_cert;
static int client_certLen;
static RSAPrivateKey *client_key;

/* Session-id data (a one-entry cache keyed by the peer's address) */
static unsigned char *sid_sid;
static unsigned sid_len;
static unsigned char *sid_km;
static unsigned sid_kmLen;
static unsigned char sid_cipherKind[3];
static unsigned char *sid_keyArg;
static unsigned sid_keyArgLen;
static unsigned char *sid_masterKey;
static unsigned sid_masterKeyLen;
static unsigned char *sid_peerCert;
static unsigned sid_peerCertLen;
static struct in_addr sid_ip;
static time_t sid_time;

/* Random number generator */
static RNGContext *rng;

/* Optional certificate authentication hook and its argument */
static int (*auth_hook)(void *arg, unsigned char *cert, unsigned certLen);
static void *auth_arg;

/* Cipher specs we offer (3 bytes each); only the first entry is legible in the scan */
static unsigned char cipherSpecs[] = {
    SSL_CK_DES_64_CBC_WITH_MD5,
};


/*
** Replace *destp with a fresh copy of src (or with nothing when src is null)
*/
static void Copy(unsigned char **destp, unsigned char *src, int srclen)
{
    if (*destp) {
        free(*destp);
        *destp = 0;
    }
    if (src) {
        *destp = (unsigned char*) malloc(srclen);
        memcpy(*destp, src, srclen);
    }
}



/*
** Generate some random bytes. The RSAREF cryptographically secure
** random number generator is not usable directly because the
** R_GenerateBytes is not part of the accepted API. Too bad.
*/
static int GenerateRandomBytes(unsigned char *dest, unsigned len)
{
    if (rng == 0) {
        rng = RNG_CreateContext(13, 0);
    }
    RNG_GenerateRandomBytes(rng, dest, len);
    return 0;
}


static unsigned char *LookupSID(SSLHandle *h, int *sidlenp)
{
    struct sockaddr_in sin;
    int sinsize;

    /* Check for a session-id */
    sinsize = sizeof(sin);
    getpeername(h->fd, (struct sockaddr*) &sin, &sinsize);
    *sidlenp = 0;
    if (sid_sid && (memcmp(&sin.sin_addr, &sid_ip, sizeof(sid_ip)) == 0)) {
        /* Found server in our session-id cache */
        if (time(0) > sid_time) {
            /* Session-id is too old */
            free(sid_sid);
            sid_sid = 0;
            return 0;
        }
        *sidlenp = sid_len;
        return sid_sid;
    }
    return 0;
}

static void RecordSID(SSLHandle *h, unsigned char *sid, int sidlen)
{
    struct sockaddr_in sin;
    int sinsize;

    Copy(&sid_sid, sid, sidlen);
    sid_len = sidlen;
    sinsize = sizeof(sin);
    getpeername(h->fd, (struct sockaddr*) &sin, &sinsize);
    memcpy(&sid_ip, &sin.sin_addr, sizeof(sid_ip));
    sid_time = time(0) + 100;

    Copy(&sid_masterKey, h->masterKey, h->masterKeyLen);
    sid_masterKeyLen = h->masterKeyLen;
    Copy(&sid_keyArg, h->keyArg, h->keyArgLen);
    sid_keyArgLen = h->keyArgLen;      /* not legible in the scan; RecoverSIDState needs it */
    Copy(&sid_km, h->km, h->kmLen);
    sid_kmLen = h->kmLen;              /* not legible in the scan; RecoverSIDState needs it */
    Copy(&sid_peerCert, h->peerCert, h->peerCertLen);
    sid_peerCertLen = h->peerCertLen;
    memcpy(sid_cipherKind, h->cipherKind, 3);
}

static void RecoverSIDState(SSLHandle *h)
{
    Copy(&h->masterKey, sid_masterKey, sid_masterKeyLen);
    h->masterKeyLen = sid_masterKeyLen;
    Copy(&h->keyArg, sid_keyArg, sid_keyArgLen);
    h->keyArgLen = sid_keyArgLen;
    Copy(&h->km, sid_km, sid_kmLen);
    h->kmLen = sid_kmLen;

    Copy(&h->peerCert, sid_peerCert, sid_peerCertLen);
    h->peerCertLen = sid_peerCertLen;
    Copy(&h->sessionID, sid_sid, sid_len);
    h->sessionIDLen = sid_len;
    memcpy(h->cipherKind, sid_cipherKind, 3);
}


/*
** Produce read & write keys
*/
static int ProduceKeys(SSLHandle *h)
{
    MDContext *digest;
    unsigned char km[32];
    unsigned int outlen;

    assert(h->masterKeyLen != 0);
    assert(h->clientChallengeLen != 0);
    assert(h->connectionIDLen != 0);

    if (memcmp(h->cipherKind, CIPHER_KIND, 3) == 0) {
        /* KEY-MATERIAL = MD5(MASTER-KEY, "0", CLIENT-CHALLENGE, CONNECTION-ID) */
        digest = MD_CreateContext(SSL_MD5);
        MD_Update(digest, h->masterKey, h->masterKeyLen);
        MD_Update(digest, (unsigned char*) "0", 1);
        MD_Update(digest, h->clientChallenge, h->clientChallengeLen);
        MD_Update(digest, h->connectionID, h->connectionIDLen);
        MD_Final(digest, km, &outlen);
        MD_DestroyContext(digest);

        /* Save entire key material in case client auth is used */
        h->km = (unsigned char*) malloc(outlen);
        memcpy(h->km, km, outlen);
        h->kmLen = outlen;

        /* The two halves are used in opposite directions on each side */
        if (h->isServer) {
            Copy(&h->readKey, km+8, 8);
            Copy(&h->writeKey, km, 8);
        } else {
            Copy(&h->readKey, km, 8);
            Copy(&h->writeKey, km+8, 8);
        }
        h->readKeyLen = 8;
        h->writeKeyLen = 8;

        h->readcx = DES_CreateContext(h->readKey, h->keyArg, 0);
        h->writecx = DES_CreateContext(h->writeKey, h->keyArg, 1);
    }
    return 0;
}



sslhp.c 



/*
** Send a handshake message in the clear
*/
static int SendClearMsg(SSLHandle *h, void *buf, int len)
{
    char header[2];
    int nb;

    header[0] = 0x80 | MSB(len);
    header[1] = LSB(len);
    nb = S_Write(h->fd, header, 2);
    if (nb != 2) {
        SSL_SetError(SSL_ERROR_IO);
        return SSL_ERROR_IO;
    }
    nb = S_Write(h->fd, buf, len);
    if (nb != len) {
        SSL_SetError(SSL_ERROR_IO);
        return SSL_ERROR_IO;
    }
    h->sendSeq++;
    return 0;
}


static int SendError(SSLHandle *h, int err, int encrypted)
{
    char msg[3];

    msg[0] = SSL_MT_ERROR;
    msg[1] = MSB(err);
    msg[2] = LSB(err);
    if (encrypted) {
        return SSL_Write(h, msg, 3);
    }
    return SendClearMsg(h, msg, 3);
}


static int SendClientHello(SSLHandle *h)
{
    unsigned char *msg, *sid;
    int sidlen, nb, rv;

    /* Generate challenge */
    h->clientChallengeLen = 16;
    h->clientChallenge = (unsigned char*) malloc(16);
    rv = GenerateRandomBytes(h->clientChallenge, 16);
    if (rv < 0) return rv;

    /* Lookup session-id */
    sid = LookupSID(h, &sidlen);
    if (sid) {
        h->haveSID = 1;
    }

    /* Create client-hello message */
    msg = (unsigned char*) malloc(9+sizeof(cipherSpecs)+sidlen+16);
    msg[0] = SSL_MT_CLIENT_HELLO;
    msg[1] = MSB(SSL_PROTOCOL_VERSION);
    msg[2] = LSB(SSL_PROTOCOL_VERSION);
    msg[3] = MSB(sizeof(cipherSpecs));
    msg[4] = LSB(sizeof(cipherSpecs));
    msg[5] = MSB(sidlen);
    msg[6] = LSB(sidlen);
    msg[7] = 0;
    msg[8] = 16;
    memcpy(msg+9, cipherSpecs, sizeof(cipherSpecs));
    memcpy(msg+9+sizeof(cipherSpecs), sid, sidlen);
    memcpy(msg+9+sizeof(cipherSpecs)+sidlen, h->clientChallenge, 16);

    nb = SendClearMsg(h, msg, 9 + sizeof(cipherSpecs) + sidlen + 16);
    free(msg);
    return nb;
}


static int SendClientMasterKey(SSLHandle *h)
{
    unsigned char *msg;
    int nb, cklen, eklen, kalen;
    unsigned int outlen;

    cklen = 0;
    eklen = PKCS1_GetPublicKeySize(h->pubKey) >> 3;
    kalen = h->keyArgLen;

    /* Create client-master-key message */
    msg = (unsigned char*) malloc(10+cklen+eklen+kalen);
    msg[0] = SSL_MT_CLIENT_MASTER_KEY;
    msg[1] = h->cipherKind[0];
    msg[2] = h->cipherKind[1];
    msg[3] = h->cipherKind[2];
    msg[4] = MSB(cklen);
    msg[5] = LSB(cklen);
    msg[6] = MSB(eklen);
    msg[7] = LSB(eklen);
    msg[8] = MSB(kalen);
    msg[9] = LSB(kalen);
    PKCS1_PublicEncrypt(h->pubKey, msg+10+cklen, &outlen,
                        h->masterKey, h->masterKeyLen, rng);
    memcpy(msg+10+cklen+eklen, h->keyArg, kalen);

    /* Send the message */
    nb = SendClearMsg(h, msg, 10+cklen+eklen+kalen);
    free(msg);
    return nb;
}


static int SendClientCertificate(SSLHandle *h, unsigned char *ch, unsigned len)
{
    unsigned char *msg, *buf;
    unsigned char *r;
    unsigned rlen, blen;
    int rv;

    /*
    ** Generate response data by performing a PKCS1 signing operation
    */
    blen = h->kmLen + len + h->peerCertLen;
    buf = (unsigned char*) malloc(blen);
    memcpy(buf, h->km, h->kmLen);
    memcpy(buf+h->kmLen, ch, len);
    memcpy(buf+h->kmLen+len, h->peerCert, h->peerCertLen);
    PKCS1_Sign(SSL_MD5, &r, &rlen, buf, blen, client_key);   /* argument order as read from the scan */
    S_Zfree(buf, blen);

    /* Create client-certificate message */
    msg = (unsigned char*) malloc(6+client_certLen+rlen);
    msg[0] = SSL_MT_CLIENT_CERTIFICATE;
    msg[1] = SSL_CT_X509_CERTIFICATE;
    msg[2] = MSB(client_certLen);
    msg[3] = LSB(client_certLen);
    msg[4] = MSB(rlen);
    msg[5] = LSB(rlen);
    memcpy(msg+6, client_cert, client_certLen);
    memcpy(msg+6+client_certLen, r, rlen);

    rv = SSL_Write(h, msg, 6+client_certLen+rlen);
    S_Zfree(r, rlen);
    free(msg);   /* not legible in the scan */
    return rv;
}



/*
** Send client-finished: the message carries the connection-id back to the
** server. (Only the declarations, the message type, the free and the return
** survive in the scan; the allocation and copy are reconstructed.)
*/
static int SendClientFinished(SSLHandle *h)
{
    unsigned char *msg;
    int rv;

    msg = (unsigned char*) malloc(1+h->connectionIDLen);
    msg[0] = SSL_MT_CLIENT_FINISHED;
    memcpy(msg+1, h->connectionID, h->connectionIDLen);
    rv = SSL_Write(h, msg, 1+h->connectionIDLen);
    free(msg);
    return rv;
}



/*
** Pick a cipher that we both speak
*/
static int PickCipher(SSLHandle *h, unsigned char *hs, int hslen)
{
    unsigned char *os;
    int oslen;

    /* Make sure we have a good server */
    if (hslen % 3) {
        SSL_SetError(SSL_ERROR_BAD_PEER);
        return SSL_ERROR_BAD_PEER;
    }

    /* Find first cipher-kind that matches */
    for (; hslen; hslen -= 3, hs += 3) {
        os = cipherSpecs;
        oslen = sizeof(cipherSpecs);
        for (; oslen; oslen -= 3, os += 3) {
            if ((hs[0] == os[0]) && (hs[1] == os[1]) && (hs[2] == os[2])) {
                h->cipherKind[0] = os[0];
                h->cipherKind[1] = os[1];
                h->cipherKind[2] = os[2];
                return 0;
            }
        }
    }
    SSL_SetError(SSL_ERROR_NO_CIPHERS);
    return SSL_ERROR_NO_CIPHERS;
}


/*
** Generate random data for master key
*/
static int GenerateMasterKey(SSLHandle *h)
{
    int rv;

    h->masterKey = (unsigned char*) malloc(8);
    h->masterKeyLen = 8;       /* not legible in the scan; ProduceKeys asserts on it */
    rv = GenerateRandomBytes(h->masterKey, 8);
    if (rv < 0) return rv;

    h->keyArg = (unsigned char*) malloc(8);
    h->keyArgLen = 8;
    rv = GenerateRandomBytes(h->keyArg, 8);
    if (rv < 0) return rv;

    return 0;
}


n'flM;: Ir.n. CI l«j;*.Hitnfli;r.dic«( SSt»«tdl9 'h) 

Int. rv, v»«i.«lor.. cerMen, ::slen. r-lrtlnn; 

/• Flrs": cend cllcn'-.-hi'Uo •/ 
rv = s#ndcUcni:HGiio(hi ; 
If I TV (U r^cuin : 

/' Gwt H«rv*r Tittllo 
TV » SSL_Re«dP<«M)rd[hl : 
It (rv <3 >}\ tecum rv: 
I t (h->len <■ ilj ( 

:f -rCi ^lM 3) it, (h->daca)0] SSL J^TT.EtlROR: 3 v 
revjrn -':OKElME(^->^)lca-U j 

1 

SSL_Shi Erinr(!;SL_EPROR_aAO.,PREPl ; 
retain iSI EflP.ap_BAO_peER; 

) 

ii (h->'>tt«(UI r» S£L_t1T_SFIIVEB_HELL'JI I 
SSL .£;«-.Ertor(5SL_EHR0B .BAD_I>ECT) ; 

I ~ 

vHrwlon i '.■CWBI>JE(r,->d^t.at.>! ; 

c«rtlcri - CfJMb::Jt<r.->rUc*»'>: ; 

cslen ''0MBlNE(b->d4t*»7l .■ 

cLdlen *■ COKBINEth >daia*^>»i ; 

if (v«rsloa !* 3SL_PftOTOCOL_VE!lSJ0N| ( 

SSL.EciError) SSL_EIROR_UHBUPFCtRTEI)l ; 

rei'jrii SSI.^SRflORjmsUPpOHTCD; 

li >conn«ct:ontOL.«tri ■ nldlerij 

/* Checic RRsslon-i-J ;iag '/ 
if {b->d4'.at I : I I 
/• 

5«cslo:i-ld ca=h- hlr'. (text nm.x%nti^ (torn Eirvfir Is 
n^rv"! vcrlly. 

•/ 

IC ( !h->h.iVflSID: return SSL^Sft^ErrortSSL ERROR BAD 
BecovarSIDS-'if-oiht; _ _ - . 

) Qlse I 

/• S«3alon-ld c^cne missed •/ 

ir lh->f1n-^J2i != SSL.CT_XSO»_CEKTIFlCATEI ( 

fcurn !;-;L_5*tError<SSL_ERROfl_y|JSL'P PORTED f • 

I 

l( trsien 01 renurn GSL_Sr»tErcot (SSL.ERROR BAD PEER); 
Copyuh->pe<:rcor',. h->dacA*ll, car-rian) ; 
    /* XXX check sidlen */

It {rv < 3) retuii. rv; 
It lcuct)_hook) r 

ty s f^uth_h3oKMBtii:h_*c3, Ii.>data*ll. certlrnt: 
_ K (rv C-I r«r,.jin .«!SL_SiitErrot)SS;,..E!!ROR_P!-(lMlSF[r«.j;rruEDI : 

i: )rv < o; rM»»irn rvt 

/* f;nn«cate «*st«r koy •/ 
rv - GenerBC«)ui8t«rKoy(h) : 
If frv « 01 rn-rurn tv; 

Now n^nd cllonc iMHtoC'k-v »AHMan -/ 
rv . £''ndCll«ntMaaf.HrK»v'lt»l 1 
J If irv < r*i-..;rn cv; 

rv » PrortuctKityaf hi ; 
If (rv < 01 r<ir.urn rv; 

/* Gel anrv^r vorlty trxdsagn -/ 

rv a SSL.ReadKessagafhj : 

It {rv <i 0) ratuni ivi 

It (h->len f= I^h->cll«ncchaH«n9oUt3l 

recurn SSL S» t Error {SSL«ERROR_BAD PEER* : 

K (n->d*t«ioj i- SSL jrr_SERveit_vE)t]pyj 
return SSt._S«tError(SSLHRROR_BRD_PEEBl 

r «?: urn SSl._S«tEcroi (BSLJTRBOfi.BAO. PEEP ( : -^«> • • 



/' Sftnd client nnJs:i«d oiessnqo •/ 
rv ' sondCJ I «nt Finished lb) r 
if Irv < 01 rqr.urn rv; 



/ Cat rsmalnln? aaitsages ttom B.^rvcr.-. -/ 
whilo I lh->8Qcver7[riiahedi ( 

rv a S5L_»n*dMOS0da8(hI ; 

it (rv <= ui :«c>jrn rv: 

iiuchlh^^^iriloir'--"' ^'^'' --«"«'^^^.'^HB=m HM> P.rR,: 
r.tam SSL.OT_ERRDR! 

rotyrn ssu_aacE. ror t -7CKBinii it;->rt.i<i«- : 1 1 , 

nam SSl^MT_s:Ea VEB_F INI SHED r 

/• Capture «»silon-ld for iattr '/ 
fiacordSIOlh, h »data.l. h->lmr. - ij- 
h >B«rvf>rFlnlohcd « I; 
tireal:; 

Mst SSL.HT.REO-JEST.CCRTtriCATCi 
ir {cllenL. cvrt kk nllenc koy 44 

)h->'lar.a|ll „ SSL.AT.>1D5JCITH.RSA.QJCByPriOKH I 
vise ( ^^"'^-^ t«.^rtflt:.v2. !. ,.mn 
^ cv . SenrtKrrorih, 3SL.?B_N0. CEHTI ?:CATE. 1): 

U (rv < i>) roc'irn rv; 
brsak ; 



/• Handshaic^ la all don« 
b->l«n « 0; 
return O; 
static int SendServerHello(SSLHandle *h, int sid, unsigned char *cs, int cslen)
{
    unsigned char *msg, *out, *os, *outbase, *cp;
    int outlen, oslen, nb;

    /* Scan incoming cipher specs and keep the cipher-kinds we also support */
    outlen = 0;
    outbase = out = cs;
    if (!sid) {
        for (; cslen; cslen -= 3, cs += 3) {
            os = cipherSpecs;
            oslen = sizeof(cipherSpecs);
            for (; oslen; oslen -= 3, os += 3) {
                if ((os[0] == cs[0]) && (os[1] == cs[1]) && (os[2] == cs[2])) {
                    /* Compact the matching specs to the front of the client's
                       list (the copy itself is not legible in the scan) */
                    if (out != cs) memcpy(out, cs, 3);
                    out += 3;
                    outlen += 3;
                    break;
                }
            }
        }
        if (!outlen) {
            /* We lose. No overlap */
            SendError(h, SSL_PE_NO_CIPHERS, 0);
            return SSL_SetError(SSL_ERROR_NO_CIPHERS);
        }
    }

    /* Send message */
    assert(h->connectionIDLen != 0);
    msg = (unsigned char*) malloc(11+server_certLen+outlen+h->connectionIDLen);
    cp = msg + 11;
    msg[0] = SSL_MT_SERVER_HELLO;
    msg[1] = sid;
    msg[2] = SSL_CT_X509_CERTIFICATE;
    msg[3] = MSB(SSL_PROTOCOL_VERSION);
    msg[4] = LSB(SSL_PROTOCOL_VERSION);
    if (sid) {
        /* Session-id hit: no certificate and no cipher specs are sent */
        msg[5] = MSB(0);
        msg[6] = LSB(0);
        msg[7] = MSB(0);
        msg[8] = LSB(0);
    } else {
        msg[5] = MSB(server_certLen);
        msg[6] = LSB(server_certLen);
        msg[7] = MSB(outlen);
        msg[8] = LSB(outlen);
        memcpy(cp, server_cert, server_certLen); cp += server_certLen;
        memcpy(cp, outbase, outlen); cp += outlen;
    }
    msg[9] = MSB(h->connectionIDLen);
    msg[10] = LSB(h->connectionIDLen);
    memcpy(cp, h->connectionID, h->connectionIDLen); cp += h->connectionIDLen;
    nb = SendClearMsg(h, msg, cp - msg);
    free(msg);   /* not legible in the scan */
    return nb;
}


static int SendServerVerify(SSLHandle *h)
{
    unsigned char *msg;
    int nb;

    assert(h->clientChallengeLen != 0);
    msg = (unsigned char*) malloc(1+h->clientChallengeLen);
    msg[0] = SSL_MT_SERVER_VERIFY;
    memcpy(msg+1, h->clientChallenge, h->clientChallengeLen);
    nb = SSL_Write(h, msg, 1+h->clientChallengeLen);
    free(msg);
    return nb;
}

static int SendRequestCertificate(SSLHandle *h)
{
    unsigned char *msg;
    int nb, rv;

    h->authChallenge = (unsigned char*) malloc(16);
    rv = GenerateRandomBytes(h->authChallenge, 16);
    if (rv < 0) return rv;
    h->authChallengeLen = 16;

    msg = (unsigned char*) malloc(2+16);
    msg[0] = SSL_MT_REQUEST_CERTIFICATE;
    msg[1] = SSL_AT_MD5_WITH_RSA_ENCRYPTION;
    memcpy(msg+2, h->authChallenge, 16);
    nb = SSL_Write(h, msg, 2+16);
    free(msg);   /* not legible in the scan */
    return nb;
}

static int SendServerFinished(SSLHandle *h)
{
    unsigned char *msg;
    int nb;

    assert(h->sessionIDLen != 0);
    msg = (unsigned char*) malloc(1+h->sessionIDLen);
    msg[0] = SSL_MT_SERVER_FINISHED;
    memcpy(msg+1, h->sessionID, h->sessionIDLen);
    nb = SSL_Write(h, msg, 1+h->sessionIDLen);
    free(msg);
    return nb;
}

static Uii 'A«kc;icni:Cftrcificate;.';siHaDdJe 'h. 

'Jnalgned char -c»rt., jnalgdod ccmiLw), 
J 'jnslqned chic "r. unaigrnd EL«ni 

UMlgnad cl;«r 'Ixi; : 

unsigned 

Int rvi 

Pleat validate nerci itearjs. -/ 

If Irv < 01 raiv'trn rv; 
If lauCh_h9ok) ( 

rv 3 .'•a'j»:hj,aakunuth_«g, cort. cercLcn); 

Ccpy(4h.>p#,8rca^^. cart, .wr'.L«n»; 
h->p«arC»r»;Len = ?;'?rtL«n; 

/• Th«n v«rify raspanno ■/ 

blen .. h->)«nLen * ti->^uihCh«! lP„g«L«, . rf„v^, c^r- U», 
bu( . fu«lgn«d a«llOC(bhS;); 
moncpyrbuC. h-*JCT., h >ttnLenl: 

meincpy{b.j(.h.>KBL«n.r;..><..,thChalla,w,Lfw,. .s,:r vnr .r,t ... sJrv«; .-rM-.i- 
    rv = PKCS1_VerifySignature(SSL_MD5, buf, blen, r, rLen, h->pubKey);



MiAKlc Int. !;«rv*>tHindl3hAt*)SSU!uiidl« 'h, Inc ou thCl 1 «fir. i 

Int rv, oumldlan, verclor.. calcn, sIJIrh, rhJen. (lotA'Jth; 

Int clcl*wi, 'iklwi, kitign; 

unsigned cliar 'Kid. 'ri 

jnitlqr.«rt Int w-.l-*:!. :l.*5ri. rorcLwn: 

/• Generate coonT>-r,lon Id -/ 

h- >(;onn*«tlon:D = '■iiisigncd chor*J mallondil; 
tv X Gonoro>-.*»R-an'Jo«Byt»f!((h->rop.noctlonlD. I6i: 
I ! Irv *■ 0) rot-iim iv; 
h ■ .rr»nrie*:l;IoiilOL«n « It; 

/• Reai rUwi'i-hflils n»s2a?R •/ 
rv » SSL.ReadHiicortlUJ ; 

ir (rv <t 'J) tw'.urn i t rv •« 0 I 7 -I j cv j » 

If lh->lun < ?} return SSLJotErrar iSSL^ROR BAD PEGft) ; 

It th >rtar.*|0| SSL..HT_CLIEMTJ)ELW)l 

mturn SSL.Sq:Error(SSL.(iBRnR_£AO.PEERI ; 
version » CCMBrHE!h->d\ta*li ; 
Jt (vers I an t. £SL_PHOTOCOL_7ERS10H) 

r«ttirn SSL_S«tCEror (SSL_aRR0R_UN£UPPOirrED| ; 
cslon COMBIHE(li->adta*Jl : 

Chlen ■! C0MBIh'E(h->dAW7t ; 

t( Itcalen — Q) || {chlon -= Oil i«tum SSWS«tError(SSL^BR<.iH SAO PEERt 
Copy(«h >cMontChaii«jign. h- >da':a »-f*csltai*s Irtlcn, chleni ; 
K - >cl 1 or. CCh 1 1 1 iy;q«»L«>n - I nn ; 

/• rh-cK sRsslon-lJ 

alH • L?.ok'jpJirtN, iijutcidlmt 1 

If Is'.dt ( 

/* 3oQ if ir.'ji "ha tftiine o!rt... •/ 

/• ."tot ih« Ram eld... ♦/ 
o*jr8Ldl«i : U: 

/* ti. T.hrs GOiM aid. . .wlnr.crr •/ 

) 

/*♦ Don'z -jsu w)t.ry from old each* bfcaus« client dlrti'r, .jsa it •/ 
o'Jt3ldl«n - •); 

) 

! 1 (ourBldloii -- 'i< 

/• Genera «waloil-ld */ 

h-»B««lonltJ A fiinoiynad cli»r*( B>alloc!l6(: 

IV - Citnera--e(t4ndoi!»Bytes(h->»ea.«tlonlD, 

it (tv «■ 01 r-r.'jrn rvj 

h >f:«rtflloiiIDLai « !<; 



/• S«id s«rv«r h«nc rwaaa^n •/ 

rv ^ SwndS«rvflrH«no(h. o-jrilldlftn ; 1 . 0. h->d4»:A.?, csl^ 
U trv < 0) lyrjirii iv. 
    /* Get the client-master-key message */
rv 3 SSL._AeailR*eord{h) I 

If irv <3t 01 rotiim t i rv » o i 7 -i : rv j ; 
it (b->lon < lOl tetum SSI..Sa5Error(SSL._EHfl0fl_BAD PEEPt - 
It (h->da«|01 !- SSL.MT.CLICNTJWSTEn KEY) 
MCurn SSU.S<tEcrortSSL_ERKOR_8At) PEEHl : 

h->elph«rKlrKJ(OI * a->d*ta 1 1] ; 

h->clpl»«rWnd(l| • h->d«ta[itj 

tl->clpherKtnd|3l « h->dacati|; 

cklon = cuHBlNErh->datB*4i ; 

•klen = CCH8ZNEin->dat«*'6) I 

kcalan = CCNBIIJE{tf>data«8) 

Copy(6h->K«yAr9, h->{HM*iy.i:hlcn-e)(iwi. k-imm, 
r.->)ceyAcgLon = V*l«nj 

ilr^^Vi^? in pl«c#. Kh^ Bocrat -jfilno o.tr prlvat* k«v • ' 

tou-.Len. h->4«ta.lO*cXlcn, Mklon:,- 

CopyUh->0«terKev, h->d*ta. 1 K-ck Ion. ...irl«»,.. 
h->in4«cerKuyL«n . ouclen; 
I alaa ( 

/• Copy Info Erom ««j»lon-lJ into h 

^ RacoverSIDSLstefh): 

cv = PrcKluceKeysih): 
IC Irv < ai return rv; 

ev = SandSorvarVerlfylM; 
It rrv < 01 return tv; 

tlfdet HOTOEPJSW 

M taur:hCllenr,i ' 

/* Au Chanel cacie client «/ 

rv = SpndHeemaittC*rtlflcar.o(hi : 

il trv « n( i«curn rv: 

I 

/• Now wait ror nll«it-i;r,u;i«l inc.i34q«i •/ 
^atA>Jtti "0: 
tor I;. -I ( 

rv T .<»SU_ReadH»ssage[ht ; 

It <rv <* fj) refjrn t ( rv « 0 ) ? -i , rv 1 • 

«ii5r!">;;;t^lfln'r" ^^''■^''*^^"''^^'-^^^-^»>-^^^^ 

«^a■e SSL„MT_2HB0R, 

return -i.'OHBIMKth •>dawl I : 

C4ao SSU_HTj;l1ENT_CERTIFTCATE: 

Chack ♦uthanticttiion rospona* 'f 
certLan = CQMarNE(h-><tets«2j 
rUfl > C0nBIKE{h->dica*4l • 

rv . Chcckcri«aw;ertUlca«(h, h-*data-S. nertl^en. 

It Irv < 0) r<jturn rv; 

gotAuch - I; 

break,- 

case SSL.KT_CLrorr_FlK'ISHEO. 
/• Check connecLion-ld •/ 
ir (h->eonn«cr.iontDLcn (- h'>ien-l| 

"^urn SSL.SatError :sst...EllROfi_flAO PEEHl- 
'"^Pl^'-^^^onnaccloniD, li.>dau*K h->cor>nec<:tonl[iL*m. 
return SSL„Se LErroriSBL_EIlROR.fi AD PEER) . 
            h->clientFinished = 1;
t>c«ak : 



f Sc« if ir.'n tlBo CO stop -/ 
ir faurhcilflnt) ( 

It (cior.Auth l( li >RlientPlnl5hi#dl 

; «lse • 

If 'h-*clienr.rinlshodJ 

\ 

f send 3ertf«v tlnlshart rcooaaffu •/ 
ftdC0[dS:D(h. I. >t!«BlOllID. t)->S«SStonIDL«n|, 
cv * S«;ndServ.trFlnlshod(h| ; 
l( irv < 0) t'.' 'irn jvt 

f Handahaic^ \7i -.11 dona */ 

h-*!cn - a; 

return 



/*
** SSL_Handshake. Perform the SSL handshake protocol.
*/
int SSL_Handshake(SSLHandle *h, int how)
{
    if ((h->createFlags & SSL_ENCRYPT_MASK) != SSL_DONT_ENCRYPT) {
        switch (how) {
          case SSL_HANDSHAKE_AS_CLIENT:
            return ClientHandshake(h);

          case SSL_HANDSHAKE_AS_SERVER:
            h->isServer = 1;   /* not legible for this case in the scan; ProduceKeys depends on it */
            return ServerHandshake(h, 0);

          case SSL_HANDSHAKE_AS_SERVER_WITH_CLIENT_AUTH:
            h->isServer = 1;
            return ServerHandshake(h, 1);
        }
    }
    return 0;
}



/* A good place to set a breakpoint */

/*
** Stub to define server information (the function header is not legible
** in the scan and is reconstructed by symmetry with SSL_ClientInfo)
*/
void SSL_ServerInfo(unsigned char *c, int cl, RSAPrivateKey *key)
{
    server_key = key;
    server_cert = c;
    server_certLen = cl;
}

/*
** Stub to define client information
*/
void SSL_ClientInfo(unsigned char *c, int cl, RSAPrivateKey *key)
{
    client_key = key;
    client_cert = c;
    client_certLen = cl;
}

void SSL_AuthHook(int (*hook)(void *arg, unsigned char *cert,
                              unsigned certLen),
                  void *arg)
{
    auth_hook = hook;
    auth_arg = arg;
}
/*
** Copyright (c) 1995, Netscape Communications Corporation. All rights
** reserved. This use of this Secure Sockets Layer Reference
** Implementation (the "Software") is governed by the terms of the SSL
** Reference Implementation License Agreement. Please read the
** accompanying "License" file for a description of the rights granted.
**
** Any other third party materials you use with this Software may be
** subject to license restrictions from the licensors of such
** third party software and/or additional export restrictions. The SSL
** Reference Implementation License Agreement grants you no rights to any such
** third party material.
*/

#include "ssl.h"
#include "ssllib.h"

#include <errno.h>
#include <unistd.h>
#include <stdlib.h>
#include <string.h>



/*
** Encrypt or decrypt len bytes of src into dest with the connection's DES
** context. (The function header and the decrypt branch are not legible in
** the scan; they are reconstructed from the calls in SSL_ReadMessage and
** SSL_Write, and DES_Decrypt is assumed to mirror DES_Encrypt.)
*/
static void crypto(unsigned char *dest, SSLHandle *h, int reading,
                   unsigned char *src, int len)
{
    unsigned outlen;

    if (reading) {
        DES_Decrypt(h->readcx, dest, &outlen, src, len);
    } else {
        DES_Encrypt(h->writecx, dest, &outlen, src, len);
    }
}



/*
** Calculate mac. Use MD5.
** MAC = MD5(secret, data, padding, sequence-number)
*/
static int CalcMAC(unsigned char *dest, SSLHandle *h, int reading,
                   unsigned char *data, int len, int padding)
{
    unsigned char pad[8], seq[4];
    MDContext *md;
    unsigned int outlen;

    md = MD_CreateContext(SSL_MD5);
    if (reading) {
        MD_Update(md, h->readKey, h->readKeyLen);
    } else {
        MD_Update(md, h->writeKey, h->writeKeyLen);
    }
    MD_Update(md, data, len);
    if (padding) {
        memset(pad, padding, padding);
        MD_Update(md, pad, padding);
    }
    if (reading) {
        /* SSL_ReadRecord has already advanced rcvSeq past this record, so
           step back to the record's own sequence number (reconstructed; the
           adjustment is not legible in the scan) */
        h->rcvSeq--;
        seq[0] = (h->rcvSeq >> 24) & 0xff;
        seq[1] = (h->rcvSeq >> 16) & 0xff;
        seq[2] = (h->rcvSeq >> 8) & 0xff;
        seq[3] = (h->rcvSeq >> 0) & 0xff;
        h->rcvSeq++;
    } else {
        seq[0] = (h->sendSeq >> 24) & 0xff;
        seq[1] = (h->sendSeq >> 16) & 0xff;
        seq[2] = (h->sendSeq >> 8) & 0xff;
        seq[3] = (h->sendSeq >> 0) & 0xff;
    }
    MD_Update(md, seq, 4);
    MD_Final(md, dest, &outlen);
    MD_DestroyContext(md);
    return 0;
}


/*
** Spin reading until buffer is filled up with requested amount of data
*/
int S_Read(int fd, void *buf, int len)
{
    int count = 0;
    while (len) {
        int nb = read(fd, buf, len);
        if (nb < 0) {
            if ((errno == EINTR) || (errno == EAGAIN)) continue;
            return nb;
        }
        if (nb == 0) break;
        count += nb;
        len -= nb;
        buf = (void*) ((char*)buf + nb);
    }
    return count;
}

/*
** Spin writing until the whole buffer has been sent
*/
int S_Write(int fd, void *buf, int len)
{
    int count = 0;
    while (len) {
        int nb = write(fd, buf, len);
        if (nb < 0) {
            if ((errno == EINTR) || (errno == EAGAIN)) continue;
            return nb;
        }
        if (nb == 0) break;
        count += nb;
        len -= nb;
        buf = (void*) ((char*)buf + nb);
    }
    return count;
}


/*
** Read an SSL record. Gather up the data and put it in h->data.
*/
int SSL_ReadRecord(SSLHandle *h)
{
    int nb;

    h->len = 0;
    nb = S_Read(h->fd, h->header, 2);
    if (nb != 2) {
        if (nb == 0) return nb;
        SSL_SetError(SSL_ERROR_IO);
        return SSL_ERROR_IO;
    }
    if ((h->header[0] & 0x80) == 0) {
        /* Three-byte header: 14-bit length plus a padding count */
        /* Get rest of header */
        nb = S_Read(h->fd, h->header + 2, 1);
        if (nb != 1) return SSL_SetError(SSL_ERROR_IO);
        h->len = ((h->header[0] & 0x3f) << 8) | h->header[1];
        h->padding = h->header[2];
        if (h->header[0] & 0x40) {
            /* Somebody sent an escape...harumph */
            return SSL_SetError(SSL_ERROR_UNSUPPORTED);
        }
    } else {
        /* Two-byte header: 15-bit length, no padding */
        h->len = ((h->header[0] & 0x7f) << 8) | h->header[1];
        h->padding = 0;
    }

    /* Make buffer big enough */
    if (h->base) {
        h->base = (unsigned char*) realloc(h->base, h->len);
    } else {
        h->base = (unsigned char*) malloc(h->len);
    }

    /* Read rest of record */
    h->data = h->base;
    nb = S_Read(h->fd, h->data, h->len);
    if (nb != h->len) {
        SSL_SetError(SSL_ERROR_IO);
        return SSL_ERROR_IO;
    }
    h->rcvSeq++;
    return h->len;
}

/*
** Read in an SSL message and decrypt the incoming data.
*/
int SSL_ReadMessage(SSLHandle *h)
{
    unsigned char mac[MD5SIZE];
    int rv;

    rv = SSL_ReadRecord(h);
    if (rv <= 0) return rv;
    if (h->len < MD5SIZE) return SSL_SetError(SSL_ERROR_BAD_MESSAGE);

    /* Decrypt the record (inplace) */
    if (memcmp(h->cipherKind, CIPHER_KIND, 3) == 0) {
        if (h->len & 7) return SSL_SetError(SSL_ERROR_BAD_MESSAGE);
        crypto(h->data, h, 1, h->data, h->len);
    }

    /* Check the mac */
    CalcMAC(mac, h, 1, h->data+MD5SIZE, h->len-MD5SIZE, 0);
    if (memcmp(mac, h->data, MD5SIZE) != 0)
        return SSL_SetError(SSL_ERROR_BAD_MAC);

    /* Strip the mac and the padding (the padding check and adjustment are
       not legible in the scan and are reconstructed) */
    if (h->padding > h->len - MD5SIZE) return SSL_SetError(SSL_ERROR_BAD_MESSAGE);
    h->data += MD5SIZE;
    h->len -= MD5SIZE + h->padding;
    return h->len;
}

void SSL_Destroy(SSLHandle *h)
{
    if (h->clientChallenge) free(h->clientChallenge);
    if (h->connectionID) free(h->connectionID);
    if (h->pubKey) PKCS1_DestroyPublicKey(h->pubKey);
    if (h->readKey) S_Zfree(h->readKey, h->readKeyLen);
    if (h->writeKey) S_Zfree(h->writeKey, h->writeKeyLen);   /* not legible in the scan; by symmetry */
    if (h->sessionID) free(h->sessionID);
    if (h->keyArg) free(h->keyArg);
    if (h->km) S_Zfree(h->km, h->kmLen);
    if (h->peerCert) free(h->peerCert);
    if (h->readcx) DES_DestroyContext(h->readcx);
    if (h->writecx) DES_DestroyContext(h->writecx);
    if (h->sockInfo) ssl_DestroySockInfo(h->sockInfo);
    S_Zfree(h, sizeof(SSLHandle));
}
SSLHandle *SSL_NewHandle(int fd, int flags)
{
    SSLHandle *h;

    /* Zeroed so the null tests in SSL_Destroy are meaningful (the
       allocation line is not legible in the scan) */
    h = (SSLHandle*) calloc(1, sizeof(SSLHandle));
    if (h) {
        h->fd = fd;
        h->createFlags = flags;
    }
    return h;
}

SSLHandle *SSL_Create(int fd, int flags)
{
    SSLHandle *h;
    int rv;

    h = SSL_NewHandle(fd, flags);
    if (h) {
        rv = ssl_CreateSockInfo(h);
        if (rv < 0) {
            SSL_Destroy(h);
            h = 0;
        }
    }
    return h;
}


/*
** Read application data, pulling in new encrypted messages as needed.
** (The function header, the clamp and the copy are not legible in the scan;
** the name follows SSL_Write below.)
*/
int SSL_Read(SSLHandle *h, void *buf, int len)
{
    int amount, count, nb;

    if ((h->createFlags & SSL_ENCRYPT_MASK) == SSL_ENCRYPT) {
        count = 0;
        while (len) {
            amount = h->len;
            if (amount == 0) {
                if (count) break;

                /* Get a new encrypted message from sender */
                nb = SSL_ReadMessage(h);
                if (nb <= 0) return nb;
                amount = h->len;
            }

            /* Copy out a chunk of data */
            if (amount > len) amount = len;
            memcpy(buf, h->data, amount);
            h->data += amount;
            h->len -= amount;
            len -= amount;
            count += amount;
            buf = (void*) ((char*)buf + amount);
        }
    } else {
        count = read(h->fd, buf, len);
    }
    return count;
}

/*
** Limit writes so that they fit within a single record. Take into
** account the space needed by the MAC and by the block cipher (DES)
*/
#define MAX_WRITE \
    (SSL_MAX_BLOCK_CIPHER_LEN - MD5SIZE - 8)

int SSL_Write(SSLHandle *h, void *buf, int len)
{
    unsigned char *base, *cp;
    int nb, amount, count, padding, recordLen;

    if ((h->createFlags & SSL_ENCRYPT_MASK) != SSL_ENCRYPT) {
        return S_Write(h->fd, buf, len);
    }

    count = 0;
    while (len) {
        /* Make sure we don't send too large a record */
        amount = len;
        if (amount > MAX_WRITE) {
            amount = MAX_WRITE;
        }

        /* Format up record for transmission */
        base = cp = (unsigned char*) malloc(amount + 3 + MD5SIZE + 7);
        padding = amount & 7;
        if (padding)
            padding = 8 - padding;
        recordLen = amount + padding + MD5SIZE;
        if (padding) {
            /* Three-byte header carries the padding count */
            *cp++ = (recordLen >> 8) & 0x3f;
            *cp++ = recordLen & 0xff;
            *cp++ = padding;
        } else {
            /* Two-byte header, high bit set */
            *cp++ = 0x80 | ((recordLen >> 8) & 0x7f);
            *cp++ = recordLen & 0xff;
        }

        /* Compute mac and store it into the output buffer */
        CalcMAC(cp, h, 0, (unsigned char*)buf, amount, padding);
        memcpy(cp+MD5SIZE, buf, amount);
        memset(cp+MD5SIZE+amount, padding, padding);

        /* Now encrypt the mac plus the input data plus the padding */
        if (memcmp(h->cipherKind, CIPHER_KIND, 3) == 0) {
            crypto(cp, h, 0, cp, MD5SIZE+amount+padding);
        }
        cp += MD5SIZE + amount + padding;

        /* Write it out */
        nb = S_Write(h->fd, base, cp - base);
        free(base);   /* not legible in the scan */
        if (nb < 0) {
            return nb;
        }
        h->sendSeq++;   /* advance the MAC sequence number as SendClearMsg does (not legible in the scan) */

        count += amount;
        len -= amount;
        buf = (void*) ((char*)buf + amount);
    }
    return count;
}
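The record framing that SSL_Write builds and SSL_ReadRecord parses, as an added stand-alone C example that is not part of the patent's listing: the encoder pads the payload to a DES block, adds room for the MD5 MAC and picks the 2-byte or 3-byte header form, while the decoder applies the receiver-side checks (escape bit, a length too short to hold the MAC, padding larger than the data) before the length is trusted. MD5SIZE (16) and the block size (8) follow the listing; the type and function names and the sample headers are mine.

```c
#include <stddef.h>
#include <string.h>

#define MD5SIZE   16   /* MAC length used by the reference implementation */
#define DES_BLOCK 8    /* block size the payload is padded up to */

/* Fields recovered from an SSL 2.0 record header. */
typedef struct {
    size_t header_len;  /* 2 or 3 bytes */
    size_t record_len;  /* MAC + data + padding bytes that follow the header */
    size_t padding;     /* trailing padding bytes; 0 for a 2-byte header */
    int    is_escape;   /* 0x40 "security escape" bit seen (3-byte form only) */
} Ssl2Header;

/*
** Build the header the way SSL_Write does: pad the payload up to a DES
** block, prepend a 16-byte MAC, and use the 3-byte form only when
** padding is present. Returns the header length (2 or 3).
*/
size_t ssl2_encode_header(unsigned char out[3], size_t amount, size_t *padding_out)
{
    size_t padding = amount & (DES_BLOCK - 1);
    size_t record_len;

    if (padding) padding = DES_BLOCK - padding;
    record_len = amount + padding + MD5SIZE;
    *padding_out = padding;
    if (padding) {
        out[0] = (unsigned char)((record_len >> 8) & 0x3f);
        out[1] = (unsigned char)(record_len & 0xff);
        out[2] = (unsigned char)padding;
        return 3;
    }
    out[0] = (unsigned char)(0x80 | ((record_len >> 8) & 0x7f));
    out[1] = (unsigned char)(record_len & 0xff);
    return 2;
}

/*
** Parse a header the way SSL_ReadRecord does, plus the sanity checks a
** receiver needs before trusting the length: 0 = ok, -1 = need more
** bytes, -2 = escape bit set or lengths that cannot hold MAC and padding.
*/
int ssl2_decode_header(const unsigned char *buf, size_t buflen, Ssl2Header *h)
{
    memset(h, 0, sizeof *h);
    if (buflen < 2) return -1;
    if (buf[0] & 0x80) {
        h->header_len = 2;
        h->record_len = ((size_t)(buf[0] & 0x7f) << 8) | buf[1];
    } else {
        if (buflen < 3) return -1;
        if (buf[0] & 0x40) { h->is_escape = 1; return -2; }
        h->header_len = 3;
        h->record_len = ((size_t)(buf[0] & 0x3f) << 8) | buf[1];
        h->padding = buf[2];
    }
    /* A record must at least hold the MAC, and padding cannot eat into it */
    if (h->record_len < MD5SIZE) return -2;
    if (h->padding > h->record_len - MD5SIZE) return -2;
    return 0;
}

/* Encode a payload of `amount` bytes, parse it back, and compare with the
   expected header length, record length and padding; 1 when all agree. */
int ssl2_roundtrip_check(size_t amount, size_t want_hlen, size_t want_reclen, size_t want_pad)
{
    unsigned char hdr[3];
    Ssl2Header h;
    size_t padding, hlen = ssl2_encode_header(hdr, amount, &padding);

    if (ssl2_decode_header(hdr, hlen, &h) != 0) return 0;
    return hlen == want_hlen && h.header_len == want_hlen &&
           h.record_len == want_reclen && h.padding == want_pad && padding == want_pad;
}

/* Constructed sample headers (not taken from the page): escape bit set,
   record too short for a MAC, padding larger than the data. */
static const unsigned char SAMPLE_ESCAPE[3]    = { 0x40, 0x00, 0x10 };
static const unsigned char SAMPLE_TOO_SHORT[2] = { 0x80, 0x05 };
static const unsigned char SAMPLE_BAD_PAD[3]   = { 0x00, 0x20, 0x20 };

/* 1 when the decoder refuses the header outright (return code -2). */
int ssl2_sample_rejected(const unsigned char *buf, size_t buflen)
{
    Ssl2Header h;
    return ssl2_decode_header(buf, buflen, &h) == -2;
}
```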
/*
** Copyright (c) 1995, Netscape Communications Corporation. All rights
** reserved. This use of this Secure Sockets Layer Reference
** Implementation (the "Software") is governed by the terms of the SSL
** Reference Implementation License Agreement. Please read the
** accompanying "License" file for a description of the rights granted.
*/

#include "ssllib.h"

#include <stdarg.h>
#include <stdlib.h>
#include <string.h>



/*
** Number of bytes taken by a DER tag plus length field for an object of
** the given length
*/
static unsigned HeaderLen(unsigned len)
{
    if (len > 127) {
        if (len > 255) {
            if (len > 65535) {
                if (len > 16777215) {
                    return 6;
                } else {
                    return 5;
                }
            } else {
                return 4;
            }
        } else {
            return 3;
        }
    }
    return 2;
}

/*
** Store a DER tag (code) and a length field for len bytes into buf
*/
void StoreHeader(unsigned char *buf, unsigned code, unsigned len)
{
    unsigned char b[4];

    b[0] = (len >> 24) & 0xff;
    b[1] = (len >> 16) & 0xff;
    b[2] = (len >> 8) & 0xff;
    b[3] = len & 0xff;

    *buf++ = code;   /* the tag byte store is not legible in the scan; HeaderLen counts it */
    if (len > 127) {
        if (len > 255) {
            if (len > 65535) {
                if (len > 16777215) {
                    *buf++ = 0x84;
                    *buf++ = b[0];
                    *buf++ = b[1];
                    *buf++ = b[2];
                    *buf++ = b[3];
                } else {
                    *buf++ = 0x83;
                    *buf++ = b[1];
                    *buf++ = b[2];
                    *buf++ = b[3];
                }
            } else {
                *buf++ = 0x82;
                *buf++ = b[2];
                *buf++ = b[3];
            }
        } else {
            *buf++ = 0x81;
            *buf++ = b[3];
        }
    } else {
        *buf++ = b[3];
    }
}

void DER_EncodeStr(unsigned char **destp, unsigned *destlenp, int type,
                   unsigned char *src, unsigned srclen)
{
    unsigned char *dp;
    unsigned hlen;

    hlen = HeaderLen(srclen);
    *destp = dp = (unsigned char*) malloc(hlen + srclen);
    StoreHeader(dp, type, srclen);
    memcpy(dp+hlen, src, srclen);   /* not legible in the scan */
    *destlenp = hlen + srclen;
}


void DER_EncodeInt(unsigned char **destp, unsigned *destlenp, int type,
                   long l)
{
    unsigned char bb[4], *dp;
    unsigned len, hlen;

    bb[0] = (unsigned char) (l >> 24);
    bb[1] = (unsigned char) (l >> 16);
    bb[2] = (unsigned char) (l >> 8);
    bb[3] = (unsigned char) (l);

    /*
    ** Small integers are encoded in a single byte. Larger integers
    ** require progressively more bytes.
    */
    if (l < -128) {
        if (l < -32768) {
            if (l < -8388608) {
                len = 4;
            } else {
                len = 3;
            }
        } else {
            len = 2;
        }
    } else if (l > 127) {
        if (l > 32767) {
            if (l > 8388607) {
                len = 4;
            } else {
                len = 3;
            }
        } else {
            len = 2;
        }
    } else {
        len = 1;
    }

    hlen = HeaderLen(len);
    *destp = dp = (unsigned char*) malloc(hlen + len);
    StoreHeader(dp, type, len);
    memcpy(dp+hlen, bb + (4 - len), len);
    *destlenp = hlen + len;
}


/*
** Encode a constructed sequence of the given type from src1/src1len and a
** null-terminated list of further (pointer, length) pairs
*/
void DER_EncodeSeq(unsigned char **destp, unsigned *destlenp, int type,
                   unsigned char *src1, unsigned src1len, ...)
{
    va_list ap;
    unsigned hlen, len, catlen;
    unsigned char *cat, *dp, *src;

    va_start(ap, src1len);

    /* Concatenate argument data and count up total length */
    cat = (unsigned char*) malloc(src1len);
    catlen = src1len;
    memcpy(cat, src1, src1len);
    for (;;) {
        src = va_arg(ap, unsigned char*);
        if (!src) break;   /* list terminator (not legible in the scan) */
        len = (unsigned) va_arg(ap, int);
        cat = (unsigned char*) realloc(cat, catlen + len);
        memcpy(cat+catlen, src, len);
        catlen += len;
    }
    va_end(ap);

    hlen = HeaderLen(catlen);
    *destp = dp = (unsigned char*) malloc(hlen + catlen);
    StoreHeader(dp, DER_SEQUENCE|DER_CONSTRUCTED|type, catlen);
    memcpy(dp+hlen, cat, catlen);
    free(cat);
    *destlenp = hlen + catlen;
}


/*
** Parse a DER length code. Return the total length of the header as well
** as the length of the object that the header refers to (in *lenp).
*/
unsigned DER_GetHeaderLen(unsigned char *src, unsigned *lenp)
{
    unsigned hlen;

    if (src[1] & 0x80) {
        hlen = 2 + (src[1] & 0x7f);
        switch (src[1] & 0x7f) {
          case 0x00:
            *lenp = 0;
            break;
          case 0x01:
            *lenp = src[2];
            break;
          case 0x02:
            *lenp = (src[2] << 8) | src[3];
            break;
          case 0x03:
            *lenp = (src[2] << 16) | (src[3] << 8) | src[4];
            break;
          case 0x04:
            *lenp = (src[2] << 24) | (src[3] << 16) | (src[4] << 8) | src[5];
            break;
          default:
            /* Length fields longer than four bytes are not handled; leave
               *lenp defined (this default case is not in the scan) */
            *lenp = 0;
            break;
        }
    } else {
        hlen = 2;
        *lenp = src[1];
    }
    return hlen;
}

int DER_DecodeSeq(DERLayout *seq, int nseq, int type,
                  unsigned char *src, unsigned srclen)
{
    unsigned hlen, olen;

    /* Check and then strip off sequence */
    type = type | DER_SEQUENCE | DER_CONSTRUCTED;
    if (src[0] != type) {
        return -1;
    }
    hlen = DER_GetHeaderLen(src, &olen);
    src += hlen;
    srclen -= hlen;

    /* Capture contents of sequence */
    while (--nseq >= 0) {
        if ((seq->type != DER_ANY) && (src[0] != seq->type)) {
            return -1;
        }
        hlen = DER_GetHeaderLen(src, &olen);
        seq->item = src;
        seq->itemLen = hlen + olen;
        seq++;
        src += hlen + olen;
        if (hlen + olen > srclen) {
            return -1;
        }
        srclen -= hlen + olen;
    }
    return 0;
}

long DER_GetInteger(unsigned char *cp)
{
    unsigned len;
    long ival = 0;
    /* Mask of the top byte of a long: set once another shift would overflow */
    unsigned long overflow = 0xffUL << ((sizeof(ival) - 1) * 8);

    if (cp[0] != DER_INTEGER) return 0;
    len = cp[1];
    if (len >= 0x80) return 0;          /* long-form lengths are not handled here */
    cp += 2;
    while (len) {
        if (ival & overflow) {
            /* Value does not fit in a long: saturate */
            if (ival < 0) {
                return -1;
            }
            return LONG_MAX;            /* LONG_MAX from <limits.h> */
        }
        ival = ival << 8;
        ival |= *cp++;
        --len;
    }
    return ival;
}

void S_Zfree(void *buf, unsigned len)
{
    /* Wipe before freeing so key material does not linger in the heap */
    memset(buf, 0, len);
    free(buf);                          /* line unreadable in the scan; reconstructed */
}
/*
** Copyright (c) 1995, Netscape Communications Corporation. All rights
** reserved. This use of this Secure Sockets Layer Reference
** Implementation (the "Software") is governed by the terms of the SSL
** Reference Implementation License Agreement. Please read the
** accompanying "License" file for a description of the rights granted.
**
** Any other third party materials you use with this Software may be
** subject to additional license restrictions from the licensors of such
** third party software and/or additional export restrictions. The SSL
** Implementation License Agreement grants you no rights to any such
** third party material.
*/

#include "ssllib.h"

#ifndef BSAFE_WORKS
/*
** Use libdes to implement DES when we have a broken BSAFE library
*/
#include "libdes/des.h"         /* exact libdes directory name is unreadable in the scan */
#endif

struct DESContextStr {
#ifdef BSAFE_WORKS
    B_KEY_OBJ key;
    B_ALGORITHM_OBJ alg;        /* declaration reconstructed: cx->alg is used below */
#else
    des_cblock key;
    des_cblock iv;
    des_key_schedule sched;
#endif
};

#ifdef BSAFE_WORKS
static B_ALGORITHM_METHOD *chooser[] = {
    &AM_DES_CBC_ENCRYPT_NO_PAD,
    &AM_DES_CBC_DECRYPT_NO_PAD,
    0,
};
#endif

/* Name and argument list reconstructed from the body and from DES_DestroyContext */
DESContext *DES_CreateContext(unsigned char *key, unsigned char *iv, int encrypt)
{
    DESContext *cx;

    cx = (DESContext *) calloc(1, sizeof(DESContext));
#ifdef BSAFE_WORKS
    B_CreateKeyObject(&cx->key);
    B_SetKeyInfo(cx->key, KI_DES8, (POINTER) key);
    B_CreateAlgorithmObject(&cx->alg);
    B_SetAlgorithmInfo(cx->alg, AI_DES_CBC_IV8, (POINTER) iv);
    if (encrypt) {
        B_EncryptInit(cx->alg, cx->key, chooser, 0);
    } else {
        B_DecryptInit(cx->alg, cx->key, chooser, 0);
    }
#else /* !BSAFE_WORKS */
    memcpy(cx->key, key, 8);
    memcpy(cx->iv, iv, 8);
    des_set_odd_parity(&cx->key);
    des_key_sched(&cx->key, cx->sched);
#endif /* BSAFE_WORKS */
    return cx;
}

void DES_DestroyContext(DESContext *cx)
{
#ifdef BSAFE_WORKS
    B_DestroyKeyObject(&cx->key);
    B_DestroyAlgorithmObject(&cx->alg);     /* reconstructed */
#endif /* BSAFE_WORKS */
    memset(cx, 0, sizeof(DESContext));      /* reconstructed; wipes key and IV */
    free(cx);
}

void DES_Encrypt(DESContext *cx, unsigned char *out, unsigned *outlen,
                 unsigned char *in, unsigned inlen)
{
#ifdef BSAFE_WORKS
    B_EncryptUpdate(cx->alg, out, outlen, inlen, in, inlen, 0, 0);
#else
    des_cbc_encrypt((des_cblock *) &in[0], (des_cblock *) &out[0],
                    (long) inlen, cx->sched, &cx->iv, 1);
    /* update ivec cuz libdes doesn't */
    memcpy(cx->iv, &out[inlen - 8], 8);
    *outlen = inlen;
#endif /* BSAFE_WORKS */
}

void DES_Decrypt(DESContext *cx, unsigned char *out, unsigned *outlen,
                 unsigned char *in, unsigned inlen)
{
#ifdef BSAFE_WORKS
    B_DecryptUpdate(cx->alg, out, outlen, inlen, in, inlen, 0, 0);  /* reconstructed */
#else
    unsigned char lastiv[8];

    /* Save the last ciphertext block first: "in" and "out" may be the same buffer */
    memcpy(lastiv, &in[inlen - 8], 8);
    des_cbc_encrypt((des_cblock *) &in[0], (des_cblock *) &out[0],
                    (long) inlen, cx->sched, &cx->iv, 0);
    /* update ivec cuz libdes doesn't */
    memcpy(cx->iv, lastiv, 8);
    memset(lastiv, 0, 8);
    *outlen = inlen;
#endif /* BSAFE_WORKS */
}
#include "ssllib.h"
#ifdef BSAFE
#include "rsakeygn.h"           /* header name is partly unreadable in the scan */

static B_ALGORITHM_METHOD *chooser[] = {
    &AM_RSA_KEY_GEN,
    &AM_RSA_ENCRYPT,
    &AM_RSA_DECRYPT,
    &AM_RSA_CRT_ENCRYPT,
    &AM_RSA_CRT_DECRYPT,
    &AM_MD2,
    &AM_MD5,
    0,
};

/*
** Fix up an ITEM for der encoding of private key information. der
** integers (which the private key information is) require a leading
** zero if the high bit is set in the MSB
*/
static unsigned char *FixNZ(ITEM *it, unsigned *lenp)
{
    unsigned char *cp;

    cp = (unsigned char *) malloc(it->len + 1);
    if (it->data[0] & 0x80) {
        /* Need extra 0 ... */
        cp[0] = 0;
        memcpy(cp + 1, it->data, it->len);
        *lenp = it->len + 1;
    } else {
        memcpy(cp, it->data, it->len);
        *lenp = it->len;
    }
    return cp;
}
#else /* !BSAFE */
/*
** Find first non-zero byte in key data buffer. The key data is in
** big-endian format; der encoding requires a leading zero if the data
** has its high bit set.
*/
static unsigned char *FindNZ(unsigned char *in, unsigned *lenp, unsigned maxlen)
{
    unsigned char *cp;

    cp = (unsigned char *) malloc(maxlen + 1);
    if (in[0] & 0x80) {
        /* Add in leading zero and return */
        cp[0] = 0;
        memcpy(cp + 1, in, maxlen);
        *lenp = maxlen + 1;
        return cp;
    }
    /* Skip leading zero bytes, keeping the remaining length in step */
    while (maxlen > 0 && in[0] == 0) {
        in++;
        maxlen--;
    }
    if (maxlen == 0) {
        /* The value is zero: DER encodes it as a single 0x00 octet */
        cp[0] = 0;
        *lenp = 1;
        return cp;
    }
    if (in[0] & 0x80) {
        cp[0] = 0;
        memcpy(cp + 1, in, maxlen);
        *lenp = maxlen + 1;
    } else {
        memcpy(cp, in, maxlen);
        *lenp = maxlen;
    }
    return cp;
}

/*
** Setup a random struct for rsaref, using random bytes from our rng.
*/
static void SetupRNG(RNGContext *rng, R_RANDOM_STRUCT *ctx)
{
    unsigned char *r;
    unsigned n;

    R_RandomInit(ctx);
    R_GetRandomBytesNeeded(&n, ctx);
    r = (unsigned char *) malloc(n);
    RNG_GenerateRandomBytes(rng, r, n);
    R_RandomUpdate(ctx, r, n);
    S_Zfree(r, n);
}
#endif /* BSAFE */


/*
** Create a new private key
*/
/* Argument list reconstructed from the body: modulus size in bits, public
** exponent (3, 17 or 65537) and the generator used to seed key generation */
RSAPrivateKey *PKCS1_CreatePrivateKey(unsigned keylen, unsigned pubexp,
                                      RNGContext *rng)
{
    RSAPrivateKey *key;
    int rv;
#ifdef BSAFE
    B_KEY_OBJ pub;
    B_ALGORITHM_OBJ gen;
    A_RSA_KEY_GEN_PARAMS kg;            /* declaration reconstructed: "kg" is used below */
#else /* !BSAFE */
    R_RSA_PUBLIC_KEY pubKey;
    R_RSA_PROTO_KEY protoKey;
    R_RANDOM_STRUCT ctx;
#endif /* BSAFE */

    if (keylen > MAX_RSA_MODULUS_BITS) {
#ifdef BSAFE
        rv = BE_MODULUS_LEN;
#else /* !BSAFE */
        rv = RE_MODULUS_LEN;
#endif /* BSAFE */
        SSL_SetError(rv);
        return 0;
    }
    key = (RSAPrivateKey *) calloc(1, sizeof(RSAPrivateKey));
#ifdef BSAFE
    B_CreateKeyObject(&pub);
    B_CreateKeyObject(&key->key);       /* reconstructed */
    B_CreateAlgorithmObject(&gen);      /* reconstructed */

    rv = 0;
    do {
        kg.modulusBits = keylen;        /* NOT Exportable from U.S.A.! */
        switch (pubexp) {
          case 3:
            kg.publicExponent.data = (unsigned char *) "\003";          /* exponent is 3 */
            kg.publicExponent.len = 1;
            break;
          case 0x11:
            kg.publicExponent.data = (unsigned char *) "\021";          /* exponent is 17 */
            kg.publicExponent.len = 1;
            break;
          case 0x010001:
            kg.publicExponent.data = (unsigned char *) "\001\000\001";  /* exponent is 65537 */
            kg.publicExponent.len = 3;
            break;
          default:
            rv = BE_DATA;
        }
        if (rv) break;

        rv = B_SetAlgorithmInfo(gen, AI_RSAKeyGen, (POINTER) &kg);
        if (rv) break;
        rv = B_GenerateInit(gen, chooser, 0);
        if (rv) break;
        rv = B_GenerateKeypair(gen, pub, key->key, rng->rng, 0);
        if (rv) break;
    } while (0);

    if (rv) {
        SSL_SetError(rv);
        B_DestroyKeyObject(&key->key);
        S_Zfree(key, sizeof(RSAPrivateKey));
        key = 0;
    }
    B_DestroyAlgorithmObject(&gen);
    B_DestroyKeyObject(&pub);
    gen = 0;
    pub = 0;
#else /* !BSAFE */
    /* Make key */
    protoKey.bits = keylen;             /* NOT Exportable from U.S.A.! */
    switch (pubexp) {                   /* note: RSAREF doesn't seem to */
      case 3:                           /* support 17 for the exponent */
        protoKey.useFermat4 = 0;
        break;
      case 0x010001:
        protoKey.useFermat4 = 1;
        break;
      default:
        free(key);                      /* unsupported exponent: no key is returned */
        return 0;
    }
    SetupRNG(rng, &ctx);                /* reconstructed: ctx must be seeded before use */
    R_GeneratePEMKeys(&pubKey, &key->key, &protoKey, &ctx);
    memset(&ctx, 0, sizeof(ctx));
    memset(&pubKey, 0, sizeof(pubKey));
#endif /* BSAFE */
    return key;
}
/*
** Destroy an existing private key
*/
void PKCS1_DestroyPrivateKey(RSAPrivateKey *key)
{
#ifdef BSAFE
    B_DestroyKeyObject(&key->key);
#endif /* BSAFE */
    memset(key, 0, sizeof(RSAPrivateKey));
    free(key);
}

/*
** Return the size, in bits, of the given private key
*/
unsigned PKCS1_GetPrivateKeySize(RSAPrivateKey *pub)
{
#ifdef BSAFE
    A_RSA_KEY *ki;
    unsigned rv;

    B_GetKeyInfo((POINTER *) &ki, pub->key, KI_RSAPublic);
    rv = ki->modulus.len * 8;           /* reconstructed; matches PKCS1_GetPublicKeySize */
    return rv;
#else
    return pub->key.bits;
#endif
}

/*
** Perform PKCS1 private key decryption
*/
void PKCS1_PrivateDecrypt(RSAPrivateKey *priv,
                          unsigned char *out, unsigned *outlen,
                          unsigned char *in, unsigned inlen)
{
#ifdef BSAFE
    B_ALGORITHM_OBJ alg;
    unsigned part1, part2;
    int rv;

    B_CreateAlgorithmObject(&alg);
    do {
        rv = B_SetAlgorithmInfo(alg, AI_PKCS_RSAPrivate, (POINTER) 0);
        if (rv) break;
        rv = B_DecryptInit(alg, priv->key, chooser, 0);
        if (rv) break;
        /* The two calls below are unreadable in the scan; reconstructed on
        ** the pattern of PKCS1_PublicEncrypt */
        rv = B_DecryptUpdate(alg, out, &part1, inlen, in, inlen, 0, 0);
        if (rv) break;
        rv = B_DecryptFinal(alg, out + part1, &part2, inlen - part1, 0, 0);
        if (rv) break;
    } while (0);

    if (rv) {
        SSL_SetError(rv);
        *outlen = 0;
    } else {
        *outlen = part1 + part2;
    }
    B_DestroyAlgorithmObject(&alg);
#else /* !BSAFE */
    RSAPrivateDecrypt(out, outlen, in, inlen, &priv->key);
#endif /* BSAFE */
}
/*
** DER Encode a private key using PKCS1
*/
void PKCS1_EncodePrivateKey(unsigned char **pk, unsigned *pklenp,
                            RSAPrivateKey *key)
{
    unsigned char *n, *e, *d, *p, *q, *dmodp1, *dmodq1, *coeff;
    unsigned nlen, elen, dlen, plen, qlen, dmodp1len, dmodq1len, coefflen;
    unsigned char *dn, *de, *dd, *dp, *dq, *ddmodp1, *ddmodq1, *dcoeff;
    unsigned dnlen, delen, ddlen, dplen, dqlen, ddmodp1len, ddmodq1len,
             dcoefflen;
    unsigned char *vers;
    unsigned verslen;
#ifdef BSAFE
    A_PKCS_RSA_PRIVATE_KEY *ki;
#endif

    /* Extract and prepare key information */
#ifdef BSAFE
    ki = 0;
    B_GetKeyInfo((POINTER *) &ki, key->key, KI_PKCS_RSAPrivate);   /* reconstructed */
    n = FixNZ(&ki->modulus, &nlen);
    e = FixNZ(&ki->publicExponent, &elen);
    d = FixNZ(&ki->privateExponent, &dlen);
    p = FixNZ(&ki->prime[0], &plen);
    q = FixNZ(&ki->prime[1], &qlen);
    dmodp1 = FixNZ(&ki->primeExponent[0], &dmodp1len);
    dmodq1 = FixNZ(&ki->primeExponent[1], &dmodq1len);
    coeff = FixNZ(&ki->coefficient, &coefflen);
#else /* !BSAFE */
    /* The first five calls are unreadable in the scan; reconstructed from the
    ** RSAREF R_RSA_PRIVATE_KEY field names */
    n = FindNZ(key->key.modulus, &nlen, sizeof(key->key.modulus));
    e = FindNZ(key->key.publicExponent, &elen, sizeof(key->key.publicExponent));
    d = FindNZ(key->key.exponent, &dlen, sizeof(key->key.exponent));
    p = FindNZ(key->key.prime[0], &plen, sizeof(key->key.prime[0]));
    q = FindNZ(key->key.prime[1], &qlen, sizeof(key->key.prime[1]));
    dm
odp1 = FindNZ(key->key.primeExponent[0], &dmodp1len,
                    sizeof(key->key.primeExponent[0]));
    dmodq1 = FindNZ(key->key.primeExponent[1], &dmodq1len,
                    sizeof(key->key.primeExponent[1]));
    coeff = FindNZ(key->key.coefficient, &coefflen,
                   sizeof(key->key.coefficient));
#endif /* BSAFE */

    /* Encode RSAPrivateKey a la PKCS#1 */
    DER_EncodeInt(&vers, &verslen, DER_INTEGER, 0);
    DER_EncodeStr(&dn, &dnlen, DER_INTEGER, n, nlen);
    DER_EncodeStr(&de, &delen, DER_INTEGER, e, elen);
    DER_EncodeStr(&dd, &ddlen, DER_INTEGER, d, dlen);
    DER_EncodeStr(&dp, &dplen, DER_INTEGER, p, plen);
    DER_EncodeStr(&dq, &dqlen, DER_INTEGER, q, qlen);
    DER_EncodeStr(&ddmodp1, &ddmodp1len, DER_INTEGER, dmodp1, dmodp1len);
    DER_EncodeStr(&ddmodq1, &ddmodq1len, DER_INTEGER, dmodq1, dmodq1len);
    DER_EncodeStr(&dcoeff, &dcoefflen, DER_INTEGER, coeff, coefflen);
    DER_EncodeSeq(pk, pklenp, DER_CONSTRUCTED,
                  vers, verslen,
                  dn, dnlen,
                  de, delen,
                  dd, ddlen,
                  dp, dplen,
                  dq, dqlen,
                  ddmodp1, ddmodp1len,
                  ddmodq1, ddmodq1len,
                  dcoeff, dcoefflen,
                  0, 0);

    /* Wipe every intermediate buffer: each holds private key material */
    S_Zfree(vers, verslen);             /* this and the next two lines reconstructed */
    S_Zfree(n, nlen);
    S_Zfree(e, elen);
    S_Zfree(d, dlen);
    S_Zfree(p, plen);
    S_Zfree(q, qlen);
    S_Zfree(dmodp1, dmodp1len);
    S_Zfree(dmodq1, dmodq1len);
    S_Zfree(coeff, coefflen);
    S_Zfree(dn, dnlen);
    S_Zfree(de, delen);
    S_Zfree(dd, ddlen);
    S_Zfree(dp, dplen);
    S_Zfree(dq, dqlen);
    S_Zfree(ddmodp1, ddmodp1len);
    S_Zfree(ddmodq1, ddmodq1len);
    S_Zfree(dcoeff, dcoefflen);
}

/*
** Sign "buf" with the private key. The caller frees *sig.
** (Header line reconstructed from the body; the scan shows only
** "void PKCS1_Sign(int alg," for it, later in the listing.)
*/
void PKCS1_Sign(int alg, unsigned char *buf, unsigned buflen,
                unsigned char **sig, unsigned *siglen, RSAPrivateKey *key)
{
    unsigned char *sb;
    unsigned sblen, keySize;
#ifdef BSAFE
    B_ALGORITHM_OBJ sign;
    int rv;
#else
    R_SIGNATURE_CTX *sign;
#endif

    keySize = PKCS1_GetPrivateKeySize(key) >> 3;
    sb = (unsigned char *) malloc(keySize);
#ifdef BSAFE
    B_CreateAlgorithmObject(&sign);     /* reconstructed */
    do {
        rv = B_SetAlgorithmInfo(sign,
                                (alg == SSL_MD5)
                                ? AI_MD5WithRSAEncryption
                                : AI_MD2WithRSAEncryption,
                                (POINTER) 0);
        if (rv) break;
        rv = B_SignInit(sign, key->key, chooser, 0);
        if (rv) break;
        rv = B_SignUpdate(sign, (unsigned char *) buf, buflen, 0);
        if (rv) break;
        rv = B_SignFinal(sign, sb, &sblen, keySize, 0, 0);
    } while (0);

    B_DestroyAlgorithmObject(&sign);
    if (rv) {
        SSL_SetError(rv);
        *siglen = 0;
        *sig = 0;
        free(sb);
        return;
    }
    *sig = sb;                          /* success path reconstructed */
    *siglen = sblen;
#else
    sign = (R_SIGNATURE_CTX *) calloc(1, sizeof(R_SIGNATURE_CTX));
    R_SignInit(sign, (alg == SSL_MD5) ? DA_MD5 : DA_MD2);
    R_SignUpdate(sign, (unsigned char *) buf, buflen);
    R_SignFinal(sign, sb, &sblen, &key->key);

    *sig = (unsigned char *) malloc(sblen);
    *siglen = sblen;
    memcpy(*sig, sb, sblen);
    S_Zfree(sign, sizeof(R_SIGNATURE_CTX));     /* cleanup reconstructed */
    S_Zfree(sb, keySize);
#endif
}



/*
** Convert a private key into a public key
*/
RSAPublicKey *PKCS1_ConvertToPublic(RSAPrivateKey *priv)
{
    RSAPublicKey *pub;
#ifdef BSAFE
    A_RSA_KEY *ki;
    int rv;
#endif /* BSAFE */

    pub = (RSAPublicKey *) calloc(1, sizeof(RSAPublicKey));
#ifdef BSAFE
    ki = 0;
    B_CreateKeyObject(&pub->key);
    do {
        rv = B_GetKeyInfo((POINTER *) &ki, priv->key, KI_RSAPublic);
        if (rv) break;
        rv = B_SetKeyInfo(pub->key, KI_RSAPublic, (POINTER) ki);
        if (rv) break;
    } while (0);

    if (rv) {
        SSL_SetError(rv);
        B_DestroyKeyObject(&pub->key);
        S_Zfree(pub, sizeof(RSAPublicKey));
        pub = 0;
    }
#else /* !BSAFE */
    pub->key.bits = priv->key.bits;
    memcpy(pub->key.modulus, priv->key.modulus, sizeof(pub->key.modulus));
    memcpy(pub->key.exponent, priv->key.publicExponent,
           sizeof(pub->key.exponent));
#endif /* BSAFE */
    return pub;
}

/*
** Destroy an existing public key
*/
void PKCS1_DestroyPublicKey(RSAPublicKey *key)
{
#ifdef BSAFE
    B_DestroyKeyObject(&key->key);
#endif /* BSAFE */
    memset(key, 0, sizeof(RSAPublicKey));
    free(key);
}

/*
** Return the size, in bits, of the given public key
*/
unsigned PKCS1_GetPublicKeySize(RSAPublicKey *pub)
{
#ifdef BSAFE
    A_RSA_KEY *ki;
    unsigned rv;

    rv = B_GetKeyInfo((POINTER *) &ki, pub->key, KI_RSAPublic);
    rv = ki->modulus.len * 8;
    return rv;
#else
    return pub->key.bits;
#endif
}


/*
** Perform PKCS1 public key encryption
*/
void PKCS1_PublicEncrypt(RSAPublicKey *pub,
                         unsigned char *out, unsigned *outlen,
                         unsigned char *in, unsigned inlen,
                         RNGContext *rng)
{
#ifdef BSAFE
    B_ALGORITHM_OBJ alg;
    unsigned part1, part2, nlen;
    int rv;

    nlen = PKCS1_GetPublicKeySize(pub) >> 3;
    B_CreateAlgorithmObject(&alg);
    do {
        rv = B_SetAlgorithmInfo(alg, AI_PKCS_RSAPublic, (POINTER) 0);
        if (rv) break;
        rv = B_EncryptInit(alg, pub->key, chooser, 0);
        if (rv) break;
        rv = B_EncryptUpdate(alg, out, &part1, nlen, in, inlen, rng->rng, 0);
        if (rv) break;
        rv = B_EncryptFinal(alg, out + part1, &part2, nlen - part1, rng->rng, 0);
        if (rv) break;
    } while (0);

    B_DestroyAlgorithmObject(&alg);
    alg = 0;
    if (rv) {
        *outlen = 0;
    } else {
        *outlen = part1 + part2;
    }
#else /* !BSAFE */
    R_RANDOM_STRUCT ctx;

    SetupRNG(rng, &ctx);
    RSAPublicEncrypt(out, outlen, in, inlen, &pub->key, &ctx);      /* RSAREF */
#endif /* BSAFE */
}

/*
** DER Encode a public key using PKCS1
*/
void PKCS1_EncodePublicKey(unsigned char **pk, unsigned *pklenp,
                           RSAPublicKey *key)
{
    unsigned char *n, *e, *dn, *de;
    unsigned nlen, elen, dnlen, delen;
#ifdef BSAFE
    A_RSA_KEY *ki;
#endif /* BSAFE */

#ifdef BSAFE
    ki = 0;
    B_GetKeyInfo((POINTER *) &ki, key->key, KI_RSAPublic);
    n = FixNZ(&ki->modulus, &nlen);
    e = FixNZ(&ki->exponent, &elen);
#else /* !BSAFE */
    n = FindNZ(key->key.modulus, &nlen, sizeof(key->key.modulus));
    e = FindNZ(key->key.exponent, &elen, sizeof(key->key.exponent));  /* reconstructed */
#endif /* BSAFE */

    DER_EncodeStr(&dn, &dnlen, DER_INTEGER, n, nlen);
    DER_EncodeStr(&de, &delen, DER_INTEGER, e, elen);
    DER_EncodeSeq(pk, pklenp, DER_CONSTRUCTED,
                  dn, dnlen,
                  de, delen,
                  0, 0);

    S_Zfree(n, nlen);
    S_Zfree(e, elen);
    S_Zfree(dn, dnlen);
    S_Zfree(de, delen);
}



int PKCS1_VerifySignature(int alg, unsigned char const *buf, unsigned len,
                          unsigned char const *sig, unsigned siglen,
                          RSAPublicKey *pubKey)
{
    int rv;
#ifdef BSAFE
    B_ALGORITHM_OBJ verify;

    B_CreateAlgorithmObject(&verify);
    do {
        rv = B_SetAlgorithmInfo(verify,
                                (alg == SSL_MD5)
                                ? AI_MD5WithRSAEncryption
                                : AI_MD2WithRSAEncryption,
                                (POINTER) 0);
        if (rv) break;
        rv = B_VerifyInit(verify, pubKey->key, chooser, 0);
        if (rv) break;
        rv = B_VerifyUpdate(verify, (unsigned char *) buf, len, 0);
        if (rv) break;
        rv = B_VerifyFinal(verify, (unsigned char *) sig, siglen, 0, 0);  /* reconstructed */
    } while (0);
    B_DestroyAlgorithmObject(&verify);
#else /* !BSAFE */
    R_SIGNATURE_CTX *verify;

    /* Init and Final calls are unreadable in the scan; reconstructed on the
    ** pattern of PKCS1_Sign */
    verify = (R_SIGNATURE_CTX *) calloc(1, sizeof(R_SIGNATURE_CTX));
    R_VerifyInit(verify, (alg == SSL_MD5) ? DA_MD5 : DA_MD2);
    R_VerifyUpdate(verify, (unsigned char *) buf, len);
    rv = R_VerifyFinal(verify, (unsigned char *) sig, siglen, &pubKey->key);
    S_Zfree(verify, sizeof(R_SIGNATURE_CTX));
#endif /* BSAFE */

    if (rv) {
        SSL_SetError(rv);
        return -1;
    }
    return 0;
}

void PKCS1_Sign(int alg,
#include "ssllib.h"

struct MDContextStr {
#ifdef BSAFE
    B_ALGORITHM_OBJ md;
#else
    R_DIGEST_CTX md;
#endif
};

#ifdef BSAFE
static B_ALGORITHM_METHOD *chooser[] = {
    &AM_MD2,
    &AM_MD5,
    0,
};
#endif

MDContext *MD_CreateContext(int type)
{
    MDContext *cx;

    cx = (MDContext *) calloc(1, sizeof(MDContext));
#ifdef BSAFE
    B_CreateAlgorithmObject(&cx->md);
    /* The next two calls are unreadable in the scan; reconstructed */
    B_SetAlgorithmInfo(cx->md, (type == SSL_MD5) ? AI_MD5 : AI_MD2, (POINTER) 0);
    B_DigestInit(cx->md, (B_KEY_OBJ) 0, chooser, 0);
#else
    R_DigestInit(&cx->md, (type == SSL_MD5) ? DA_MD5 : DA_MD2);
#endif
    return cx;
}

void MD_Update(MDContext *cx, unsigned char *buf, unsigned len)
{
#ifdef BSAFE
    B_DigestUpdate(cx->md, buf, len, 0);
#else
    R_DigestUpdate(&cx->md, buf, len);
#endif
}

void MD_Final(MDContext *cx, unsigned char *digest, unsigned *lenp)
{
#ifdef BSAFE
    B_DigestFinal(cx->md, digest, lenp, 16, 0);
#else
    R_DigestFinal(&cx->md, digest, lenp);
#endif
}

void MD_DestroyContext(MDContext *cx)
{
#ifdef BSAFE
    B_DestroyAlgorithmObject(&cx->md);
#endif
    memset(cx, 0, sizeof(MDContext));
    free(cx);                           /* reconstructed */
}
#include "ssllib.h"

/*
** Wrap "src" up into a PKCS7 ContentInfo
*/
void PKCS7_Wrap(unsigned char **dest, unsigned *destlenp,
                unsigned char *rawoid, unsigned rawoidlen,
                unsigned char *src, unsigned srclen)
{
    unsigned char *oid;
    unsigned oidlen;

    /* contentType OBJECT IDENTIFIER (call reconstructed: oid/oidlen are declared above) */
    DER_EncodeStr(&oid, &oidlen, DER_OBJECT_ID, rawoid, rawoidlen);
    /* content is tagged [0]: mark the caller's object as context specific */
    src[0] |= DER_CONTEXT_SPECIFIC;
    DER_EncodeSeq(dest, destlenp, 0,
                  oid, oidlen,
                  src, srclen,
                  0, 0);                /* argument list reconstructed */
    free(oid);
}

/*
** Given a PKCS7 ContentInfo object, unwrap it into its oid and data
** components. Caller checks the oid for the type of the data.
*/
int PKCS7_Unwrap(unsigned char **oidp, unsigned *oidlenp,
                 unsigned char **datap, unsigned *datalenp,
                 unsigned char *src, unsigned srclen)
{
    DERLayout lay[2];
    int rv;

    lay[0].type = DER_OBJECT_ID;
    lay[1].type = DER_ANY;
    rv = DER_DecodeSeq(&lay[0], 2, 0, src, srclen);
    if (rv) return rv;

    *oidp = (unsigned char *) malloc(lay[0].itemLen);
    memcpy(*oidp, lay[0].item, lay[0].itemLen);
    *oidlenp = lay[0].itemLen;

    *datap = (unsigned char *) malloc(lay[1].itemLen);
    memcpy(*datap, lay[1].item, lay[1].itemLen);
    *datalenp = lay[1].itemLen;
    return 0;
}
#include "ssllib.h"

/* OID arcs under 1.2.840.113549 (rsadsi) */
#define RSADSI 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d
#define PKCS1 RSADSI, 0x01, 0x01
#define PKCS5 RSADSI, 0x01, 0x05
#define PKCS7 RSADSI, 0x01, 0x07

static unsigned char pbeWithMD5AndDEScbc[] = { PKCS5, 0x03, };
static unsigned char rsaEncryption[] = { PKCS1, 0x01, };
static unsigned char encryptedPrivateKeyInfo[] = { PKCS7, 0x06 };

#ifdef BSAFE
static B_ALGORITHM_METHOD *chooser[] = {
    &AM_MD5_RANDOM,
    0,                                  /* terminator reconstructed */
};
#endif

/*
** Write a private key out to a file using PKCS7 and PKCS8. Use PKCS7 to
** wrap the data so that it is typed for later reading. Use
** PKCS8 EncryptedPrivateKeyInfo for actual key storage.
*/
void PKCS8_WritePrivateKey(FILE *out, PKCS5Key *ekey, RSAPrivateKey *key)
{
    unsigned char *rpk, *pk, *pkoid, *null, *pkaid, *vers;
    unsigned rpklen, pklen, pkoidlen, nulllen, pkaidlen, verslen;
    unsigned char *attrs, *pki, *rawencdata, *encdata, *oid, *pbep;
    unsigned attrslen, pkilen, rawencdatalen, encdatalen, oidlen, pbeplen;
    unsigned char *algid, *epki, *final;
    unsigned algidlen, epkilen, finallen;

    /* Extract and prepare key information */
    PKCS1_EncodePrivateKey(&rpk, &rpklen, key);
    DER_EncodeStr(&pk, &pklen, DER_OCTET_STRING, rpk, rpklen);
    S_Zfree(rpk, rpklen);

    /* Encode privateKeyAlgorithm */
    DER_EncodeStr(&pkoid, &pkoidlen, DER_OBJECT_ID,
                  rsaEncryption, sizeof(rsaEncryption));
    DER_EncodeStr(&null, &nulllen, DER_NULL, 0, 0);
    DER_EncodeSeq(&pkaid, &pkaidlen, DER_CONSTRUCTED,
                  pkoid, pkoidlen,
                  null, nulllen,
                  0, 0);
    free(pkoid);
    free(null);

    /* Encode PrivateKeyInfo using PKCS8 */
    DER_EncodeInt(&vers, &verslen, DER_INTEGER, 0);
    DER_EncodeStr(&attrs, &attrslen, DER_CONTEXT_SPECIFIC, 0, 0);
    DER_EncodeSeq(&pki, &pkilen, DER_CONSTRUCTED,
                  vers, verslen,
                  pkaid, pkaidlen,
                  pk, pklen,
                  attrs, attrslen,      /* this argument pair reconstructed */
                  0, 0);
    free(vers);
    free(pkaid);
    free(attrs);
    S_Zfree(pk, pklen);                 /* reconstructed */
#if 0
    {FILE *f = fopen("pki" /* file name unreadable in the scan */, "w");
     fwrite(pki, 1, pkilen, f); fclose(f);}
#endif

    /* Now encrypt entire PrivateKeyInfo using pkcs5 */
    rawencdata = (unsigned char *) malloc(pkilen + 8);
    PKCS5_Encrypt(ekey, rawencdata, &rawencdatalen, pki, pkilen);
    DER_EncodeStr(&encdata, &encdatalen, DER_OCTET_STRING,
                  rawencdata, rawencdatalen);
    S_Zfree(pki, pkilen);
    S_Zfree(rawencdata, rawencdatalen);

    /* Encode encryptionAlgorithm */
    DER_EncodeStr(&oid, &oidlen, DER_OBJECT_ID, pbeWithMD5AndDEScbc,
                  sizeof(pbeWithMD5AndDEScbc));
    PKCS5_Encode(ekey, &pbep, &pbeplen);
    DER_EncodeSeq(&algid, &algidlen, DER_CONSTRUCTED,
                  oid, oidlen, pbep, pbeplen, 0, 0);
    free(oid);
    S_Zfree(pbep, pbeplen);

    /* Encode EncryptedPrivateKeyInfo */
    DER_EncodeSeq(&epki, &epkilen, DER_CONSTRUCTED,
                  algid, algidlen,
                  encdata, encdatalen,
                  0, 0);
    free(algid);
    S_Zfree(encdata, encdatalen);

    /* Finally, wrap the whole thing using PKCS7 */
    PKCS7_Wrap(&final, &finallen,
               encryptedPrivateKeyInfo, sizeof(encryptedPrivateKeyInfo),
               epki, epkilen);
    S_Zfree(epki, epkilen);

    /* Write output */
    fwrite(final, 1, finallen, out);
    free(final);
}

#ifdef BSAFE
/* Point a BSAFE ITEM at the contents of a decoded DER integer */
static void Xfer(ITEM *d, DERLayout *lay)
{
    unsigned hlen, olen;

    hlen = DER_GetHeaderLen(lay->item, &olen);
    d->data = lay->item + hlen;
    d->len = olen;
}
#else
/* Right-align the contents of a decoded DER integer in a zero-filled
** fixed-width RSAREF key field */
static void ZeroFill(unsigned char *dest, int destlen, DERLayout *lay)
{
    unsigned hlen, olen;

    hlen = DER_GetHeaderLen(lay->item, &olen);
    memset(dest, 0, destlen);
    memcpy(dest + destlen - olen, lay->item + hlen, olen);
}
#endif
RSAPrivateKey *PKCS8_ReadPrivateKey(FILE *in, char *pw)
{
    unsigned char *buf, *oid, *epki, *pki;
    unsigned buflen, oidlen, epkilen, pkilen, iterationCount;
    RSAPrivateKey *key;
    DERLayout epkilay[2], algid[2], pbe[2], pkilay[4], pkiaid[2], pklay[9];
    PKCS5Key *dkey;
    int rv, i;
    long version;
    unsigned notused;
#ifdef BSAFE
    A_PKCS_RSA_PRIVATE_KEY ki;          /* declaration reconstructed: "ki" is used below */
#endif

    buf = 0;
    oid = 0;
    epki = 0;
    pki = 0;
    dkey = 0;
    key = 0;

    buf = (unsigned char *) malloc(10000);
    buflen = fread(buf, 1, 10000, in);
    if ((int) buflen <= 0) goto loser;

    /* First unwrap pkcs7 wrapper (call and oid check reconstructed) */
    rv = PKCS7_Unwrap(&oid, &oidlen, &epki, &epkilen, buf, buflen);
    if (rv) goto loser;
    if ((oid[0] != 0x06) ||
        (oid[1] != sizeof(encryptedPrivateKeyInfo)) ||
        (memcmp(oid + 2, encryptedPrivateKeyInfo,
                sizeof(encryptedPrivateKeyInfo)) != 0)) {
        /* Not an EncryptedPrivateKeyInfo */
        goto loser;
    }

    /* Take apart the EncryptedPrivateKeyInfo */
    epkilay[0].type = DER_SEQUENCE | DER_CONSTRUCTED;
    epkilay[1].type = DER_OCTET_STRING;
    rv = DER_DecodeSeq(&epkilay[0], 2, DER_CONTEXT_SPECIFIC, epki, epkilen);
    if (rv) goto loser;

    /* Take apart the encryptionAlgorithm */
    algid[0].type = DER_OBJECT_ID;
    algid[1].type = DER_ANY;
    rv = DER_DecodeSeq(&algid[0], 2, 0, epkilay[0].item, epkilay[0].itemLen);  /* reconstructed */
    if (rv) goto loser;

    /* Check encryption algorithm */
    if ((algid[0].item[0] != 0x06) ||
        (algid[0].item[1] != sizeof(pbeWithMD5AndDEScbc)) ||
        (memcmp(algid[0].item + 2, pbeWithMD5AndDEScbc,
                sizeof(pbeWithMD5AndDEScbc)) != 0)) {
        /* Wrong algorithm id */
        goto loser;
    }

    pbe[0].type = DER_OCTET_STRING;     /* salt (line reconstructed) */
    pbe[1].type = DER_INTEGER;          /* iterationCount */
    rv = DER_DecodeSeq(&pbe[0], 2, 0, algid[1].item, algid[1].itemLen);
    if (rv) goto loser;

    /*
    ** Construct decryption key.
    */
    iterationCount = DER_GetInteger(pbe[1].item);
    /* [the PKCS5 key-derivation call that sets "dkey" from pw, the salt in
    ** pbe[0] and iterationCount is unreadable in the scan] */

    /* Decrypt encryptedData to reveal the PrivateKeyInfo
    ** (call reconstructed, assuming PKCS5_Decrypt mirrors PKCS5_Encrypt) */
    i = DER_GetHeaderLen(epkilay[1].item, &notused);
    pki = (unsigned char *) malloc(notused);
    PKCS5_Decrypt(dkey, pki, &pkilen, epkilay[1].item + i, notused);
    if (pki[0] != (DER_SEQUENCE | DER_CONSTRUCTED)) {
        /* Probably a bad password */
        goto loser;
    }

    /* Tear apart the PrivateKeyInfo */
    pkilay[0].type = DER_INTEGER;
    pkilay[1].type = DER_SEQUENCE | DER_CONSTRUCTED;
    pkilay[2].type = DER_OCTET_STRING;
    pkilay[3].type = DER_ANY;
    rv = DER_DecodeSeq(&pkilay[0], 4, 0, pki, pkilen);
    if (rv) goto loser;

    /* Make sure it's version 0 */
    version = DER_GetInteger(pkilay[0].item);
    if (version != 0) {
        goto loser;
    }

    /* Tear apart privateKeyAlgorithm */
    pkiaid[0].type = DER_OBJECT_ID;
    pkiaid[1].type = DER_ANY;
    rv = DER_DecodeSeq(&pkiaid[0], 2, 0, pkilay[1].item, pkilay[1].itemLen);  /* reconstructed */
    if (rv) goto loser;
    if ((pkiaid[0].item[0] != 0x06) ||
        (pkiaid[0].item[1] != sizeof(rsaEncryption)) ||
        (memcmp(pkiaid[0].item + 2, rsaEncryption,
                sizeof(rsaEncryption)) != 0)) {
        /* Wrong algorithm id */
        goto loser;
    }

    /* Tear apart privateKey and construct RSA private key */
    key = (RSAPrivateKey *) calloc(1, sizeof(RSAPrivateKey));
    for (i = 0; i < 9; i++) {
        pklay[i].type = DER_INTEGER;
    }
    i = DER_GetHeaderLen(pkilay[2].item, &notused);
    rv = DER_DecodeSeq(&pklay[0], 9, 0, pkilay[2].item + i, notused);    /* reconstructed */
    if (rv) goto loser;
#ifdef BSAFE
    Xfer(&ki.modulus, &pklay[1]);
    Xfer(&ki.publicExponent, &pklay[2]);
    Xfer(&ki.privateExponent, &pklay[3]);
    Xfer(&ki.prime[0], &pklay[4]);
    Xfer(&ki.prime[1], &pklay[5]);
    Xfer(&ki.primeExponent[0], &pklay[6]);
    Xfer(&ki.primeExponent[1], &pklay[7]);
    Xfer(&ki.coefficient, &pklay[8]);
    B_CreateKeyObject(&key->key);
    B_SetKeyInfo(key->key, KI_PKCS_RSAPrivate, (POINTER) &ki);
    memset(&ki, 0, sizeof(ki));
#else
    /* Modulus size in bits, ignoring a leading zero octet added for DER */
    i = DER_GetHeaderLen(pklay[1].item, &notused);
    key->key.bits = pklay[1].itemLen - i;
    if (pklay[1].item[i] == 0x00) {
        key->key.bits--;
    }
    key->key.bits <<= 3;

    /* Field names follow RSAREF's R_RSA_PRIVATE_KEY; several of these lines
    ** are unreadable in the scan */
    ZeroFill(key->key.modulus, MAX_RSA_MODULUS_LEN, &pklay[1]);
    ZeroFill(key->key.publicExponent, MAX_RSA_MODULUS_LEN, &pklay[2]);
    ZeroFill(key->key.exponent, MAX_RSA_MODULUS_LEN, &pklay[3]);
    ZeroFill(key->key.prime[0], MAX_RSA_PRIME_LEN, &pklay[4]);
    ZeroFill(key->key.prime[1], MAX_RSA_PRIME_LEN, &pklay[5]);
    ZeroFill(key->key.primeExponent[0], MAX_RSA_PRIME_LEN, &pklay[6]);
    ZeroFill(key->key.primeExponent[1], MAX_RSA_PRIME_LEN, &pklay[7]);
    ZeroFill(key->key.coefficient, MAX_RSA_PRIME_LEN, &pklay[8]);
#endif
    goto done;

  loser:
    if (key) PKCS1_DestroyPrivateKey(key);
    key = 0;                            /* never hand back the freed pointer */
  done:
    /* Layouts point into key material: clear them along with the buffers */
    memset(epkilay, 0, sizeof(epkilay));
    memset(algid, 0, sizeof(algid));
    memset(pbe, 0, sizeof(pbe));
    memset(pkilay, 0, sizeof(pkilay));
    memset(pkiaid, 0, sizeof(pkiaid));
    memset(pklay, 0, sizeof(pklay));
    if (buf) free(buf);
    if (oid) free(oid);
    if (epki) S_Zfree(epki, epkilen);
    if (pki) S_Zfree(pki, pkilen);
    if (dkey) PKCS5_DestroyKey(dkey);
    return key;
}
#include "ssllib.h"
#include <termios.h>

static void echoOff(int fd)
{
    if (isatty(fd)) {
        struct termios tio;
        tcgetattr(fd, &tio);
        tio.c_lflag &= ~ECHO;
        tcsetattr(fd, TCSAFLUSH, &tio);
    }
}

static void echoOn(int fd)
{
    if (isatty(fd)) {
        struct termios tio;
        tcgetattr(fd, &tio);
        tio.c_lflag |= ECHO;
        tcsetattr(fd, TCSAFLUSH, &tio);
    }
}

/* Function name partly unreadable in the scan; reconstructed as S_GetPassword */
char *S_GetPassword(char *prompt)
{
    FILE *in, *out;
    char buf[100];                      /* array size unreadable in the scan */

    /* Talk to the controlling terminal directly, not stdin/stdout */
    in = fopen("/dev/tty", "r");
    out = fopen("/dev/tty", "w");
    echoOff(fileno(in));
    for (;;) {
        fputs(prompt, out);
        fflush(out);
        buf[0] = 0;
        fgets(buf, sizeof(buf), in);
        buf[strcspn(buf, "\n")] = 0;    /* drop the newline fgets keeps */
        fprintf(out, "\n");
        if (buf[0]) break;              /* re-prompt on an empty line */
    }
    echoOn(fileno(in));
    fclose(out);
    fclose(in);
    return strdup(buf);
}
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Copyrigh- fc> K>csr.apo cwmunlcat Ions Corps ra>: Ion. AH rljhts 

" rflsor^fttJ. ThU -jso ct this Secure Soclceu Layer ftftferenca 

ImplemmtatUii (the -Softwars*) la governed ty cbe tema of "iha SSL 

p«f«ronco Implefflcntetlon License Agreement. Pioa&o r«ftd th9 
*• accon>p*nylng 'Uiconse' Ule £oe a description of r,he righto granted. 

Any o-ihsr lUlrd party ouLertala you use with this Sofcwara nwiy b»» 
'* subje=t ro uddltloMl Jlcetaio roscr legions from the licensors or niir.h 
*• third party r.nfrwirQ and/or addltlonol fixporr. restrictions. The SSL 
*• ImpleBientatlon t.lcons* A9r««nwnt grants you rio rlghr.s ra iny c-.ich 

third p^rry wCwrUl. 

'f 

llnelud* -iialllb.h- 
itnclttds <avs/tvpcr..h:- 
• lncl)Jda <nys/-it>iy.\\> 
•lofThnl'i "-ryo/nrjtt , !: ■ 

klfdef BSAre 

fl'.=iMc U_ALCOf^I'n^h,Ht^^WP VhoonnrlJ r r 

u, 

) ; 



MOTEr b*c-us« PSAREF do«si,'t export B.CenerawaandoaByces. we hove r.n 
taKe etir o«n g<>ner4toc h»«. Una eoaething baaed on HD5 t,hat fitould 

" be gccjd •no';nh. Nn analysis o( tha socurlcy et this genaretoc has been 

»' oono. Ho w-iir^nry txpreacod or Inpllnd, etc.. 



*• Create a n*w r-tiidvia ivjmoer generator. 

•* :f ro iecd Is passed In then i% Is 'randomly seeded. 

" Few nyst-tats J.ivfl ?oofl ways to do this so try Ko gtz 3o«e 

-* external 1 liilorm-ti.lor. oenld*fS jiiit t,h« r.iine ot diy to <jofl. 

RNGContext *RNG_CreateContext(char *pseed, int seedlen)
{
    struct timeval now;
    struct timezone tz;
    int pid, ppid;
    struct stat ls, dev, tmp;
#ifndef BSAFE
    unsigned statelen;
    R_DIGEST_CTX digest;
#endif
    RNGContext *cx;

    cx = (RNGContext*) calloc(1, sizeof(RNGContext));
#ifdef BSAFE
    B_CreateAlgorithmObject(&cx->rng);
    B_SetAlgorithmInfo(cx->rng, AI_MD5Random, (POINTER)0);
    B_RandomInit(cx->rng, chooser, 0);
#else
    R_DigestInit(&digest, DA_MD5);
#endif

    if (pseed) {
#ifdef BSAFE
        B_RandomUpdate(cx->rng, (unsigned char*) pseed, seedlen, 0);
#else
        R_DigestUpdate(&digest, (unsigned char*) pseed, seedlen);
        R_DigestFinal(&digest, cx->state, &statelen);
#endif
    } else {
        /* Get data for seeding the generator: time of day, process ids
        ** and the stat() results of a few files. */
        gettimeofday(&now, &tz);
        pid = getpid();
        ppid = getppid();
        stat("/bin/ls", &ls);
        stat("/dev", &dev);
        stat("/tmp", &tmp);
#ifdef BSAFE
        B_RandomUpdate(cx->rng, (unsigned char*) &now, sizeof(now), 0);
        B_RandomUpdate(cx->rng, (unsigned char*) &pid, sizeof(pid), 0);
        B_RandomUpdate(cx->rng, (unsigned char*) &ppid, sizeof(ppid), 0);
        B_RandomUpdate(cx->rng, (unsigned char*) &ls, sizeof(ls), 0);
        B_RandomUpdate(cx->rng, (unsigned char*) &dev, sizeof(dev), 0);
        B_RandomUpdate(cx->rng, (unsigned char*) &tmp, sizeof(tmp), 0);
#else
        R_DigestUpdate(&digest, (unsigned char*) &now, sizeof(now));
        R_DigestUpdate(&digest, (unsigned char*) &pid, sizeof(pid));
        R_DigestUpdate(&digest, (unsigned char*) &ppid, sizeof(ppid));
        R_DigestUpdate(&digest, (unsigned char*) &ls, sizeof(ls));
        R_DigestUpdate(&digest, (unsigned char*) &dev, sizeof(dev));
        R_DigestUpdate(&digest, (unsigned char*) &tmp, sizeof(tmp));
        R_DigestFinal(&digest, cx->state, &statelen);
#endif
    }
    return cx;
}

/*
** Treat buf as a multi-byte counter and add one to it.
*/
static void Incr(unsigned char *buf, int len)
{
    int carry = 1;

    while (len) {
        if (*buf == 255) {
            carry = 1;
            *buf = 0;
            len--;
            buf++;
        } else {
            *buf = *buf + 1;
            break;
        }
    }
}

/*
** Produce len bytes of output. Without BSAFE each 16 byte block of
** output is MD5(state); the state is incremented after each block.
*/
void RNG_GenerateRandomBytes(RNGContext *cx, unsigned char *out, int len)
{
#ifdef BSAFE
    B_GenerateRandomBytes(cx->rng, out, len, 0);
#else
    R_DIGEST_CTX digest;
    int n;

    while (len) {
        if (cx->streamlen == 0) {
            R_DigestInit(&digest, DA_MD5);
            R_DigestUpdate(&digest, cx->state, 16);
            R_DigestFinal(&digest, cx->stream, &cx->streamlen);

            /* Increment state */
            Incr(cx->state, 16);
        }
        n = (len < (int) cx->streamlen) ? len : (int) cx->streamlen;
        memcpy(out, cx->stream + (16 - cx->streamlen), n);
        cx->streamlen -= n;
        out += n;
        len -= n;
    }
#endif
}

void RNG_DestroyContext(RNGContext *cx)
{
#ifdef BSAFE
    B_DestroyAlgorithmObject(&cx->rng);
#endif
    free(cx);
}
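The comment above says no analysis of this generator has been done, so the check a practitioner wants is how much of the output actually depends on secret input. The following is an added example (not SSLREF code) that models the non-BSAFE branch: the state is MD5 of the seed material, each output block is MD5(state), and the state is incremented as a counter the way Incr() does. The seed layout (a two-word timeval, two int process ids, then the raw stat buffers) is an assumption about how the compiler lays those structs out; the stat buffers are passed in as opaque byte strings. The last function is the check itself: with the parent pid, the second and the stat() inputs known to a local observer, only the pid and microsecond values are left to try.

```python
import hashlib
import struct


class Md5StreamRng:
    """Model of RNG_CreateContext/RNG_GenerateRandomBytes without BSAFE:
    state = MD5(seed material); output block = MD5(state); then Incr(state)."""

    def __init__(self, seed_material: bytes):
        self.state = bytearray(hashlib.md5(seed_material).digest())
        self.stream = b""

    def _incr(self):
        # Incr(): add one to the low byte, carrying into the next byte on 0xff -> 0x00
        for i in range(len(self.state)):
            if self.state[i] == 0xFF:
                self.state[i] = 0
            else:
                self.state[i] += 1
                break

    def generate(self, n: int) -> bytes:
        out = b""
        while len(out) < n:
            if not self.stream:
                self.stream = hashlib.md5(bytes(self.state)).digest()
                self._incr()
            take = min(n - len(out), len(self.stream))
            out += self.stream[:take]
            self.stream = self.stream[take:]
        return out


def seed_material(pid: int, ppid: int, tv_sec: int, tv_usec: int, stat_blobs=()) -> bytes:
    """Unseeded path of RNG_CreateContext(): timeval, pid, ppid, then the stat()
    buffers. Assumed layout: two 64-bit words for the timeval, two 32-bit ints."""
    material = struct.pack("<qq", tv_sec, tv_usec) + struct.pack("<ii", pid, ppid)
    for blob in stat_blobs:
        material += blob
    return material


def session_key_material(pid, ppid, tv_sec, tv_usec, stat_blobs, nbytes=16) -> bytes:
    """What a caller asking the generator for nbytes of key material receives."""
    rng = Md5StreamRng(seed_material(pid, ppid, tv_sec, tv_usec, stat_blobs))
    return rng.generate(nbytes)


def recover_by_search(target: bytes, ppid, tv_sec, stat_blobs, pid_range, usec_range):
    """Check: everything except pid and tv_usec is assumed known; enumerate those
    two and return the pair that reproduces `target`, or None."""
    for pid in pid_range:
        for usec in usec_range:
            if session_key_material(pid, ppid, tv_sec, usec, stat_blobs) == target:
                return pid, usec
    return None
```

Two generators built from identical seed material produce identical streams; the search function makes the dependence on the remaining unknowns explicit, and its running time is bounded by the product of the two ranges rather than by the 128-bit state size.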
/*
 * Copyright (c) 1983, 1993, 1994
 *	The Regents of the University of California.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *	This product includes software developed by the University of
 *	California, Berkeley and its contributors.
 * 4. Neither the name of the University nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */


#if defined(LIBC_SCCS) && !defined(lint)
#endif /* LIBC_SCCS and not lint */

#include <sys/param.h>
#include <sys/socket.h>
#include <sys/stat.h>

#include <netinet/in.h>
#include <arpa/inet.h>

#include <signal.h>
#include <fcntl.h>
#include <netdb.h>
#include <unistd.h>
#include <pwd.h>
#include <errno.h>
#include <stdio.h>
#include <ctype.h>
#include <string.h>
#include "ssl.h"
#include "ssllib.h"

#ifdef sgi
#include <bstring.h>
#endif



#ifdef NO_STRERROR
static char errbuf[10];

char *
strerror(int err)
{
    sprintf(errbuf, "%d", err);
    return errbuf;
}
#endif

extern int rresvport(int *port);

/*
** SSL version of the BSD rcmd(3) client: connect to the remote rshd-style
** server on rport, run the SSL handshake, optionally set up the secondary
** (stderr) connection, and send the local user, remote user and command.
*/
SSLHandle *
SSL_Rcmd(char **ahost,
         int rport,
         char *locuser,
         char *remuser,
         char *cmd,
         SSLHandle **h2p,
         int createFlags)
{
    struct sockaddr_in sin, from;
    fd_set reads;
    long oldmask;
    pid_t pid;
    int s, lport, timo;
    char c;
    SSLHandle *h, *h1, *h2;
    struct hostent *hp;

    pid = getpid();
    hp = gethostbyname(*ahost);
    if (hp == NULL) {
        herror(*ahost);
        return NULL;
    }
    *ahost = hp->h_name;
    oldmask = sigblock(sigmask(SIGURG));
    for (timo = 1, lport = IPPORT_RESERVED - 1;;) {
        s = rresvport(&lport);
        if (s < 0) {
            if (errno == EAGAIN)
                (void)fprintf(stderr,
                    "rcmd: socket: All ports in use\n");
            else
                (void)fprintf(stderr, "rcmd: socket: %s\n",
                    strerror(errno));
            sigsetmask(oldmask);
            return NULL;
        }
#ifdef __hpux
#else
        ioctl(s, SIOCSPGRP, &pid);
#endif
        h = SSL_Create(s, createFlags);
        sin.sin_family = hp->h_addrtype;
        memcpy(&sin.sin_addr, hp->h_addr_list[0], hp->h_length);
        sin.sin_port = rport;
        if (SSL_Connect(h, (struct sockaddr *)&sin, sizeof(sin)) >= 0)
            break;
        (void)close(s);
        if (errno == EADDRINUSE) {
            lport--;
            continue;
        }
        if (errno == ECONNREFUSED && timo <= 16) {
            (void)sleep(timo);
            timo *= 2;
            continue;
        }
        if (hp->h_addr_list[1] != NULL) {
            int oerrno = errno;

            (void)fprintf(stderr, "connect to address %s: ",
                inet_ntoa(sin.sin_addr));
            errno = oerrno;
            perror(0);
            hp->h_addr_list++;
            memcpy(&sin.sin_addr, hp->h_addr_list[0], hp->h_length);
            (void)fprintf(stderr, "Trying %s...\n",
                inet_ntoa(sin.sin_addr));
            continue;
        }
        (void)fprintf(stderr, "%s: %s\n", hp->h_name, strerror(errno));
        sigsetmask(oldmask);
        return NULL;
    }
    if (SSL_Handshake(h, SSL_HANDSHAKE_AS_CLIENT) < 0) {
        perror("SSL_Rcmd: handshake failed");
        goto bad;
    }
    lport--;
    if (h2p == 0) {
        SSL_Write(h, "", 1);
        lport = 0;
    } else {
        char num[8];
        int s2;
        int len = sizeof(from);
        struct sockaddr_in bindaddr;
        int bindlen;

        s2 = rresvport(&lport);
        if (s2 < 0)
            goto bad;
        h2 = SSL_Create(s2, createFlags);
        /* XXX - send a bind message to sockd */
        bindaddr.sin_family = AF_INET;
        bindaddr.sin_port = htons(lport);
        bindaddr.sin_addr.s_addr = INADDR_ANY;
        if ((h2->createFlags & SSL_PROXY_MASK) != SSL_NO_PROXY) {
            if (SSL_Bind(h2, &bindaddr, sizeof(bindaddr),
                         sin.sin_addr.s_addr) < 0) {
                /* A direct socket is already bound by rresvport(); that
                ** shows up as EINVAL and is not an error here. */
                if (!h2->socks->direct || errno != EINVAL) {
                    perror("SSL_Rcmd: SSL_Bind");
                    goto bad;
                }
            }
        }
        bindlen = sizeof(bindaddr);
        if (SSL_GetSockName(h2, &bindaddr, &bindlen) < 0 ||
            SSL_Listen(h2, 1) < 0) {
            perror("rcmd: listen");
            (void)close(s2);
            goto bad;
        }
        (void)sprintf(num, "%d", ntohs(bindaddr.sin_port));
        if (SSL_Write(h, num, strlen(num)+1) != strlen(num)+1) {
            (void)fprintf(stderr,
                "rcmd: write (setting up stderr): %s\n",
                strerror(errno));
            (void)close(s2);
            goto bad;
        }
        FD_ZERO(&reads);
        FD_SET(s, &reads);
        FD_SET(s2, &reads);
        errno = 0;
        if (select(32, &reads, 0, 0, 0) < 1 || !FD_ISSET(s2, &reads)) {
            if (errno != 0)
                (void)fprintf(stderr,
                    "rcmd: select (setting up stderr): %s\n",
                    strerror(errno));
            else
                (void)fprintf(stderr,
                    "select: protocol failure in circuit setup\n");
            (void)close(s2);
            goto bad;
        }
        h1 = SSL_Accept(h2, (struct sockaddr *)&from, &len);
        if (h1 == NULL) {
            (void)fprintf(stderr,
                "rcmd: accept: %s\n", strerror(errno));
            lport = 0;
            goto bad;
        }
        *h2p = h1;
        from.sin_port = ntohs((u_short)from.sin_port);
        /* The reserved-port check only means something for a direct
        ** connection; through sockd the peer port is the proxy's. */
        if (h1->socks->direct &&
            (from.sin_family != AF_INET ||
             from.sin_port >= IPPORT_RESERVED ||
             from.sin_port < IPPORT_RESERVED / 2)) {
            (void)fprintf(stderr,
                "socket: protocol failure in circuit setup.\n");
            goto bad2;
        }
    }
    (void)SSL_Write(h, locuser, strlen(locuser)+1);
    (void)SSL_Write(h, remuser, strlen(remuser)+1);
    (void)SSL_Write(h, cmd, strlen(cmd)+1);
    if (SSL_Read(h, &c, 1) != 1) {
        (void)fprintf(stderr, "rcmd: %s: %s\n", *ahost, strerror(errno));
        goto bad2;
    }
    if (c != 0) {
        while (SSL_Read(h, &c, 1) == 1) {
            (void)write(STDERR_FILENO, &c, 1);
            if (c == '\n')
                break;
        }
        goto bad2;
    }
    sigsetmask(oldmask);
    return (h);
bad2:
    if (lport)
        (void)close((*h2p)->fd);
bad:
    (void)close(s);
    sigsetmask(oldmask);
    return (0);
}
/*
** Copyright (c) 1995, Netscape Communications Corporation. All rights
** reserved. This use of this Secure Sockets Layer Reference
** Implementation (the "Software") is governed by the terms of the SSL
** Reference Implementation License Agreement. Please read the
** accompanying "License" file for a description of the rights granted.
** Any other third party materials you use with this Software may be
** subject to additional license restrictions from the licensors of such
** third party software and/or additional export restrictions. The SSL
** Implementation License Agreement grants you no rights to any such
** third party material.
*/

#include "ssllib.h"

struct PKCS5KeyStr {
    unsigned char key[8];
    unsigned char salt[8];
    unsigned char iv[8];
    int iterationCount;
};

/*
** Generate a DES key using PKCS5
*/
PKCS5Key *PKCS5_GenerateKey(char *pw, char *salt, int iterationCount)
{
    PKCS5Key *k;
    unsigned hashlen;
    unsigned char hash[16];
    MDContext *md;
    int i;

    k = (PKCS5Key*) calloc(1, sizeof(PKCS5Key));
    k->iterationCount = iterationCount;
    memcpy(k->salt, salt, 8);

    /* Generate key and iv as per PKCS5: the first round hashes the
    ** password and salt, every later round hashes the previous hash. */
    for (i = 0; i < iterationCount; i++) {
        md = MD_CreateContext(SSL_MD5);
        if (i == 0) {
            MD_Update(md, (unsigned char*) pw, strlen(pw));
            MD_Update(md, k->salt, sizeof(k->salt));
        } else {
            MD_Update(md, hash, hashlen);
        }
        MD_Final(md, hash, &hashlen);
        MD_DestroyContext(md);
    }
    memcpy(k->key, hash, sizeof(k->key));
    memcpy(k->iv, hash+8, sizeof(k->iv));
    return k;
}

void PKCS5_DestroyKey(PKCS5Key *key)
{
    memset(key, 0, sizeof(PKCS5Key));
    free(key);
}

/*
** Encrypt a block of data using PKCS5 style encryption
*/
void PKCS5_Encrypt(PKCS5Key *key, unsigned char *out, unsigned *outlen,
                   unsigned char *in, unsigned inlen)
{
    DESContext *des;
    unsigned part;
    unsigned char final[8];

    /* Output is always padded out to the next multiple of 8 bytes */
    *outlen = (inlen / 8) * 8 + 8;
    des = DES_CreateContext(key->key, key->iv, 1);
    while (inlen >= 8) {
        DES_Encrypt(des, out, &part, in, 8);
        in += 8;
        out += 8;
        inlen -= 8;
    }

    /* Final block: the leftover bytes, padded with the pad length */
    memcpy(final, in, inlen);
    memset(final+inlen, 8 - inlen, 8 - inlen);
    DES_Encrypt(des, out, &part, final, 8);
    DES_DestroyContext(des);
}

/*
** Decrypt a block of data using PKCS5 style encryption
*/
void PKCS5_Decrypt(PKCS5Key *key, unsigned char *out, unsigned *outlen,
                   unsigned char *in, unsigned inlen)
{
    DESContext *des;
    unsigned padding, part;

    des = DES_CreateContext(key->key, key->iv, 0);
    DES_Decrypt(des, out, &part, in, inlen);
    DES_DestroyContext(des);

    /* The last byte of the plaintext is the number of pad bytes */
    padding = out[inlen-1];
    *outlen = inlen - padding;
}

/*
** Generate DER encoded key information
*/
void PKCS5_Encode(PKCS5Key *key, unsigned char **bufp, unsigned *lenp)
{
    unsigned char *salt, *ic;
    unsigned saltlen, iclen;

    DER_EncodeString(&salt, &saltlen, DER_OCTET_STRING, key->salt, 8);
    DER_EncodeInt(&ic, &iclen, DER_INTEGER, key->iterationCount);
    DER_EncodeSeq(bufp, lenp, 0, salt, saltlen, ic, iclen, 0);
    free(salt);
    free(ic);
}
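PKCS5_Decrypt() above takes the last plaintext byte as the pad count and subtracts it from the length without checking it, so a pad byte of 0 or larger than the length yields an out-of-range length, and corrupted padding is never reported. The following added example (not SSLREF code) reproduces the key derivation of PKCS5_GenerateKey() in Python with hashlib's MD5 and puts the unchecked length arithmetic next to a validating unpad. The C code always uses an 8-byte salt; the Python function accepts any salt length so that a known MD5 test value can be used.

```python
import hashlib


def pkcs5_generate_key(password: bytes, salt: bytes, iteration_count: int):
    """PKCS5_GenerateKey(): h = MD5(password || salt), then h = MD5(h) for
    each remaining iteration; DES key = h[0:8], IV = h[8:16]."""
    if iteration_count < 1:
        raise ValueError("iteration count must be >= 1")
    h = hashlib.md5(password + salt).digest()
    for _ in range(iteration_count - 1):
        h = hashlib.md5(h).digest()
    return h[:8], h[8:16]


def pkcs5_pad(data: bytes, block: int = 8) -> bytes:
    """The final block PKCS5_Encrypt() builds: 1..block pad bytes, each equal to the count."""
    n = block - (len(data) % block)
    return data + bytes([n]) * n


def unpad_len_unchecked(plain: bytes) -> int:
    """Exactly the length arithmetic of PKCS5_Decrypt(): outlen = inlen - last byte.
    A last byte of 0 or greater than inlen gives a length outside the buffer."""
    return len(plain) - plain[-1]


def pkcs5_unpad(plain: bytes, block: int = 8) -> bytes:
    """Validating form: the length must be a block multiple, the count must be
    1..block, and every pad byte must equal the count."""
    if not plain or len(plain) % block:
        raise ValueError("plaintext length is not a multiple of the block size")
    n = plain[-1]
    if n < 1 or n > block or plain[-n:] != bytes([n]) * n:
        raise ValueError("bad PKCS#5 padding")
    return plain[:-n]
```

With the known value MD5("abc") = 900150983cd24fb0d6963f7d28e17f72, password "a" and salt "bc" at one iteration give key 900150983cd24fb0 and IV d6963f7d28e17f72, which is the split PKCS5_GenerateKey() performs.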
#include "ssl.h"
#include "ssllib.h"
#include <netdb.h>
#include <sys/socket.h>
#include <errno.h>

#define SOCKS_FILE "/etc/socks.conf"
#define DEF_SOCKD_PORT 1080

/*
** SOCKS protocol commands and result codes
*/
#define SOCKS_CONNECT 1
#define SOCKS_BIND 2

#define SOCKS_RESULT 90
#define SOCKS_FAIL 91
#define SOCKS_NO_IDENTD 92 /* Failed to connect to identd on client machine */
#define SOCKS_BAD_ID 93    /* Client's identd reported a different user-id */

/*
** Make an IP address
*/
#define MAKE_IN_ADDR(a,b,c,d) \
    ((unsigned long)(((a) << 24) | ((b) << 16) | ((c) << 8) | (d)))

/*
** This structure describes an entry from the SOCKS configuration file.
*/
typedef struct SocksConfItemStr SocksConfItem;
struct SocksConfItemStr {
    SocksConfItem *next;
    int direct;
    unsigned long daddr;
    unsigned long dmask;
    int op;
    unsigned short port;
};

/* Values for op, used when matching the port field of the conf file */
#define OP_LESS 1
#define OP_EQUAL 2
#define OP_LEQUAL 3
#define OP_GREATER 4
#define OP_NOTEQUAL 5
#define OP_GEQUAL 6
#define OP_ALWAYS 7

static unsigned long ourHost;

/* The list of all entries from the SOCKS config file */
static SocksConfItem *ssl_socks_confs;

int
ssl_CreateSocksInfo(SSLHandle *h)
{
    h->socks = (SSLSocksInfo*) calloc(1, sizeof(SSLSocksInfo));
    if (h->socks) {
        if ((h->createFlags & SSL_PROXY_MASK) == SSL_NO_PROXY) {
            h->socks->direct = 1;
        }
        return 0;
    }
    return -1;
}



int
ssl_CopySocksInfo(SSLHandle *h, SSLHandle *oh)
{
    int rv;

#ifdef __cplusplus
    oh = oh;
#endif
    rv = ssl_CreateSocksInfo(h);
    if (rv < 0) {
        return rv;
    }
    memcpy(h->socks, oh->socks, sizeof(SSLSocksInfo));
    return rv;
}

void
ssl_DestroySocksInfo(SSLSocksInfo *si)
{
    if (si) {
        free(si);
    }
}

static int
GetOurHost(void)
{
    char name[100];
    struct hostent *hp;

    gethostname(name, sizeof(name));
    hp = gethostbyname(name);
    if (hp) {
        ourHost = *(unsigned long *)hp->h_addr;
    } else {
        /* Total lossage! */
        return -1;
    }
    return 0;
}

/*
** Build SocksConfItems so that loopback and our own subnet are direct.
** Addresses in the items are kept in host byte order.
*/
static void
BuildDefaultConfItems(void)
{
    SocksConfItem *ci;
    SocksConfItem **lp;

    /* Put loopback onto direct list */
    lp = &ssl_socks_confs;
    ci = (SocksConfItem*) calloc(1, sizeof(SocksConfItem));
    if (!ci) {
        return;
    }
    ci->direct = 1;
    ci->daddr = MAKE_IN_ADDR(127,0,0,1);
    ci->dmask = MAKE_IN_ADDR(255,255,255,255);
    ci->op = OP_ALWAYS;
    *lp = ci;
    lp = &ci->next;

    /* Put our host's subnet onto direct list */
    ci = (SocksConfItem*) calloc(1, sizeof(SocksConfItem));
    if (!ci) {
        return;
    }
    ci->direct = 1;
    ci->daddr = ntohl(ourHost) & ~0xff;
    ci->dmask = MAKE_IN_ADDR(255,255,255,0);
    ci->op = OP_ALWAYS;
    *lp = ci;
    lp = &ci->next;

    /* Everything else goes to sockd */
    ci = (SocksConfItem*) calloc(1, sizeof(SocksConfItem));
    if (!ci) {
        return;
    }
    ci->direct = 0;
    ci->daddr = MAKE_IN_ADDR(255,255,255,255);
    ci->dmask = MAKE_IN_ADDR(255,255,255,255);
    ci->op = OP_ALWAYS;
    *lp = ci;
}

/*
** Break up a line of the conf file into whitespace separated words.
** Returns the number of words stored in argv.
*/
static int
FragmentLine(char *cp, char **argv, int maxargc)
{
    int argc = 0;
    char *save = cp;
    char ch;

    for (; (ch = *cp) != 0; cp++) {
        if (ch == '\n') {
            /* Done */
            break;
        }
        if (ch == '#') {
            /* Comment: the rest of the line is ignored */
            break;
        }
        if ((ch == ' ') || (ch == '\t')) {
            /* Separator. See if it separated anything */
            if (cp - save > 0) {
                /* Put a null at the end of the word */
                *cp = 0;
                if (argc < maxargc) {
                    argv[argc++] = save;
                }
            }
            save = cp + 1;
        }
    }
    if (cp - save > 0) {
        *cp = 0;
        if (argc < maxargc) {
            argv[argc++] = save;
        }
    }
    return argc;
}

/*
** Convert one dotted-decimal component; returns a pointer past the dot.
*/
static char *
ConvertOne(char *cp, unsigned char *rvp)
{
    char *s = cp;

    while (*cp && (*cp != '.')) {
        cp++;
    }
    if (*cp) {
        *cp = 0;
        cp++;
    }
    *rvp = atoi(s) & 0xff;
    return cp;
}

static unsigned long
ConvertAddr(char *buf)
{
    unsigned char b0, b1, b2, b3;
    unsigned long addr;

    buf = ConvertOne(buf, &b0);
    buf = ConvertOne(buf, &b1);
    buf = ConvertOne(buf, &b2);
    buf = ConvertOne(buf, &b3);
    addr = MAKE_IN_ADDR(b0, b1, b2, b3);
    return addr;
}

/*
** Read the SOCKS configuration file. Each line is
**   direct|sockd <addr> <mask> [lt|eq|le|gt|neq|ge <port>]
*/
static int
ReadConfFile(void)
{
    int rv;
    SocksConfItem *ci;
    SocksConfItem **lp;
    FILE *fp;
    char *file = SOCKS_FILE;
    int op, direct, port, lineNumber;

    rv = GetOurHost();
    if (rv < 0) {
        return rv;
    }

    BuildDefaultConfItems();
    for (lp = &ssl_socks_confs; *lp; lp = &(*lp)->next)
        ;

    fp = fopen(file, "r");
    if (!fp) {
        return 0;
    }

    /* Parse config file and generate config item list */
    lineNumber = 0;
    for (;;) {
        char buf[1000];
        char *s, *argv[10];
        int argc;

        s = fgets(buf, sizeof(buf), fp);
        if (!s) {
            break;
        }
        lineNumber++;

        argc = FragmentLine(buf, argv, 10);
        if (argc < 3) {
            if (argc == 0) {
                /* must be a comment/empty line */
                continue;
            }
            fprintf(stderr, "%s:%d, bad config line\n",
                    file, lineNumber);
            continue;
        }

        if (strcmp(argv[0], "direct") == 0) {
            direct = 1;
        } else if (strcmp(argv[0], "sockd") == 0) {
            direct = 0;
        } else {
            fprintf(stderr, "%s:%d, bad command: \"%s\"\n",
                    file, lineNumber, argv[0]);
            continue;
        }

        /* Look for port spec */
        op = OP_ALWAYS;
        port = 0;
        if (argc > 4) {
            if (strcmp(argv[3], "lt") == 0) {
                op = OP_LESS;
            } else if (strcmp(argv[3], "eq") == 0) {
                op = OP_EQUAL;
            } else if (strcmp(argv[3], "le") == 0) {
                op = OP_LEQUAL;
            } else if (strcmp(argv[3], "gt") == 0) {
                op = OP_GREATER;
            } else if (strcmp(argv[3], "neq") == 0) {
                op = OP_NOTEQUAL;
            } else if (strcmp(argv[3], "ge") == 0) {
                op = OP_GEQUAL;
            } else {
                fprintf(stderr, "%s:%d, bad comparison op: \"%s\"\n",
                        file, lineNumber, argv[3]);
                continue;
            }
            port = atoi(argv[4]);
        }

        ci = (SocksConfItem*) calloc(1, sizeof(SocksConfItem));
        if (ci) {
            ci->direct = direct;
            ci->daddr = ConvertAddr(argv[1]);
            ci->dmask = ConvertAddr(argv[2]);
            ci->op = op;
            ci->port = port;
            *lp = ci;
            lp = &ci->next;
        }
    }
    fclose(fp);
    return 0;
}

/*
** Decide whether dst is reached directly (return 1) or through sockd
** (return 0). The first conf item whose masked address and port test
** match decides.
*/
static int
ChooseAddress(SSLHandle *h, struct sockaddr_in *dst)
{
    unsigned long dstAddr;
    unsigned short dstPort;
    SocksConfItem *ci;
    int rv, portMatch;

    if (!ssl_socks_confs) {
        rv = ReadConfFile();
        if (rv) {
            return rv;
        }
    }

    dstAddr = ntohl(dst->sin_addr.s_addr);
    dstPort = ntohs(dst->sin_port);
    for (ci = ssl_socks_confs; ci; ci = ci->next) {
        if ((dstAddr & ci->dmask) != (ci->daddr & ci->dmask)) {
            continue;
        }
        switch (ci->op) {
          case OP_LESS:     portMatch = dstPort <  ci->port; break;
          case OP_EQUAL:    portMatch = dstPort == ci->port; break;
          case OP_LEQUAL:   portMatch = dstPort <= ci->port; break;
          case OP_GREATER:  portMatch = dstPort >  ci->port; break;
          case OP_NOTEQUAL: portMatch = dstPort != ci->port; break;
          case OP_GEQUAL:   portMatch = dstPort >= ci->port; break;
          default:          portMatch = 1;                   break;
        }
        if (portMatch) {
            return ci->direct;
        }
    }
    return 0;
}

/*
** Figure out the address of the socks daemon.
*/
static int
FindDaemon(SSLHandle *h, struct sockaddr_in *out)
{
    unsigned short port;
    unsigned long host;
    struct hostent *hent;
    char *hostname;
    SSLSocksInfo *si = h->socks;

    /* Use what is already cached in the handle for this daemon */
    host = si->sockdHost;
    port = si->sockdPort;

    if (!port) {
        static char firstTime = 1;
        static unsigned short sockdPort;

        if (firstTime) {
            struct servent *sp;

            firstTime = 0;
            sp = getservbyname("socks", "tcp");
            if (sp) {
                sockdPort = ntohs(sp->s_port);
            }
        }
        port = sockdPort;
        if (!port) {
            port = DEF_SOCKD_PORT;
        }
    }

    if (host == 0) {
        if ((hostname = getenv("SOCKS_HOST")) != 0) {
            hent = gethostbyname(hostname);
            if (!hent) {
                errno = EINVAL;
                return -1;
            }
            host = *(unsigned long *)hent->h_addr;
        } else {
            /* XXX - is there a better way? */
            errno = EINVAL;
            return -1;
        }
    }

    out->sin_family = AF_INET;
    out->sin_port = htons(port);
    out->sin_addr.s_addr = host;
    return 0;
}

/*
** Send our user name and the destination address to the socks daemon
** (the SOCKS version 4 request: VN, CD, DSTPORT, DSTIP, USERID, NUL).
*/
static int
SayHello(SSLHandle *h, int cmd, struct sockaddr_in *dst, char *user)
{
    int rv, len;
    unsigned char msg[8];
    unsigned short port;
    unsigned long host;

    /* Send first message to sockd */
    port = dst->sin_port;
    host = dst->sin_addr.s_addr;
    msg[0] = 4;
    msg[1] = cmd;
    memcpy(msg+2, &port, 2);
    memcpy(msg+4, &host, 4);
    rv = S_Write(h->fd, msg, sizeof(msg));
    if (rv < 0) {
        goto ioerror;
    }

    /* Send user message to sockd */
    len = strlen(user) + 1;
    rv = S_Write(h->fd, (unsigned char*) user, len);
    if (rv < 0) {
        goto ioerror;
    }
    return 0;

  ioerror:
    return -1;
}

/*
** Read the 8 byte reply from sockd and record the address it reports.
*/
static int
GetDst(SSLHandle *h)
{
    unsigned char msg[8], cmd;

    S_Read(h->fd, msg, sizeof(msg));
    cmd = msg[1];
    memcpy(&h->socks->destPort, msg+2, 2);
    memcpy(&h->socks->destHost, msg+4, 4);

    /* Check status back from sockd */
    switch (cmd) {
      case SOCKS_FAIL:
      case SOCKS_NO_IDENTD:
      case SOCKS_BAD_ID:
        /* XXX - is there a better way? */
        errno = ECONNREFUSED;
        return -1;

      default:
        break;
    }
    return 0;
}
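SayHello() and GetDst() above are the two halves of a SOCKS version 4 exchange, and ChooseAddress() decides, from the default items and /etc/socks.conf, which destinations bypass the proxy. The following added example (not SSLREF code) builds the request bytes, parses the reply, and implements the conf matching with the same operator set, all on constructed input. Two details differ from the C code on purpose and are the check a practitioner wants: a reply shorter than 8 bytes is rejected (GetDst() does not look at the S_Read() result), and a user id containing a NUL is refused because the wire format is NUL-terminated. Conf entries are plain dicts here rather than the SocksConfItem struct.

```python
import errno
import socket
import struct

SOCKS_CONNECT, SOCKS_BIND = 1, 2
SOCKS_RESULT, SOCKS_FAIL, SOCKS_NO_IDENTD, SOCKS_BAD_ID = 90, 91, 92, 93


def build_request(cmd: int, port: int, host: str, user: bytes) -> bytes:
    """SayHello(): VN=4, CD, DSTPORT, DSTIP (network order), then USERID and a NUL."""
    if cmd not in (SOCKS_CONNECT, SOCKS_BIND):
        raise ValueError("bad SOCKS command %d" % cmd)
    if b"\x00" in user:
        raise ValueError("user id must not contain NUL")
    return struct.pack("!BBH4s", 4, cmd, port, socket.inet_aton(host)) + user + b"\x00"


def parse_reply(reply: bytes):
    """GetDst(): 8-byte reply VN, CD, DSTPORT, DSTIP. Returns (port, host) for
    CD=90; 91/92/93 become ECONNREFUSED as in the C code; a short reply is an error."""
    if len(reply) != 8:
        raise ValueError("short SOCKS reply (%d bytes)" % len(reply))
    vn, cd, port, host = struct.unpack("!BBH4s", reply)
    if cd in (SOCKS_FAIL, SOCKS_NO_IDENTD, SOCKS_BAD_ID):
        raise ConnectionRefusedError(errno.ECONNREFUSED, "sockd refused, code %d" % cd)
    if cd != SOCKS_RESULT:
        raise ValueError("unknown SOCKS result code %d" % cd)
    return port, socket.inet_ntoa(host)


# /etc/socks.conf matching as in BuildDefaultConfItems() and ChooseAddress()
OP_LESS, OP_EQUAL, OP_LEQUAL, OP_GREATER, OP_NOTEQUAL, OP_GEQUAL, OP_ALWAYS = range(1, 8)
_OPS = {
    OP_LESS: lambda p, q: p < q, OP_EQUAL: lambda p, q: p == q,
    OP_LEQUAL: lambda p, q: p <= q, OP_GREATER: lambda p, q: p > q,
    OP_NOTEQUAL: lambda p, q: p != q, OP_GEQUAL: lambda p, q: p >= q,
    OP_ALWAYS: lambda p, q: True,
}


def ip(dotted: str) -> int:
    """Host-order integer form of a dotted address (what MAKE_IN_ADDR builds)."""
    return struct.unpack("!I", socket.inet_aton(dotted))[0]


def conf_item(direct: bool, daddr: str, dmask: str, op: int = OP_ALWAYS, port: int = 0):
    return {"direct": direct, "daddr": ip(daddr), "dmask": ip(dmask), "op": op, "port": port}


def default_confs(our_host: str):
    """Loopback and our own /24 go direct, as the default item list does."""
    net = ip(our_host) & 0xFFFFFF00
    return [conf_item(True, "127.0.0.1", "255.255.255.255"),
            conf_item(True, socket.inet_ntoa(struct.pack("!I", net)), "255.255.255.0")]


def choose_address(confs, dst_host: str, dst_port: int) -> bool:
    """ChooseAddress(): first entry whose masked address and port test match
    decides; nothing matching means sockd (False)."""
    dst = ip(dst_host)
    for ci in confs:
        if (dst & ci["dmask"]) != (ci["daddr"] & ci["dmask"]):
            continue
        if _OPS[ci["op"]](dst_port, ci["port"]):
            return ci["direct"]
    return False
```

Because entries are taken in order, a conf line that should override the default subnet rule has to precede it; in the C code the defaults are built first, so a "sockd" line for part of the local /24 never takes effect.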



/* BSDI ain't got no cuserid */
#ifdef __bsdi__
#include <pwd.h>

char *bsdi_cuserid(char *b)
{
    struct passwd *pw = getpwuid(geteuid());

    if (!b) return pw ? pw->pw_name : NULL;

    if (!pw || !pw->pw_name)
        b[0] = '\0';
    else
        strcpy(b, pw->pw_name);
    return b;
}
#endif
int
SSL_Connect(SSLHandle *h, const void *sa, int salen)
{
    int rv, err, direct;
    char *user;
    struct sockaddr_in *sip, daemon;

#ifdef __cplusplus
    err = err;
#endif

    switch (h->createFlags & SSL_PROXY_MASK) {
      case SSL_NO_PROXY:
        /* Talk direct */
        direct = 1;
        break;

      case SSL_PROXY:
        /* Do we talk to socks? */
        direct = ChooseAddress(h, (struct sockaddr_in *)sa);
        if (direct < 0) {
            return -1;
        }
        break;

      default:
        /* Go sockd */
        direct = 0;
        break;
    }

    if (direct) {
        sip = (struct sockaddr_in *)sa;
    } else {
        /* Figure out where the sockd is */
        rv = FindDaemon(h, &daemon);
        if (rv) {
            return -1;
        }
        sip = &daemon;
        h->socks->direct = 0;
    }

    /* Attempt first connection */
    rv = connect(h->fd, (struct sockaddr *)sip, sizeof(*sip));
    if (rv < 0) {
        return rv;
    }

    if (!direct) {
        /* Find user */
#ifdef __bsdi__
        user = bsdi_cuserid(0);
#else
        user = cuserid(0);
#endif
        if (!user) {
            errno = EINVAL;
            return -1;
        }

        /* Send out message to it */
        rv = SayHello(h, SOCKS_CONNECT, (struct sockaddr_in *)sa, user);
        if (rv) {
            return rv;
        }

        /* Get the reply */
        rv = GetDst(h);
        if (rv) {
            return rv;
        }
    }
    return 0;
}
int
SSL_Bind(SSLHandle *h, const void *sa, int salen, unsigned long dsthost)
{
    SSLSocksInfo *si;
    int rv, direct;
    char *user;
    struct sockaddr_in daemon, dst;

    dst.sin_family = AF_INET;
    dst.sin_addr.s_addr = dsthost;
    dst.sin_port = 0;
    si = h->socks;

    if ((h->createFlags & SSL_PROXY_MASK) == SSL_PROXY) {
        /* Figure out where to connect to */
        rv = FindDaemon(h, &daemon);
        if (rv) {
            return -1;
        }
        direct = ChooseAddress(h, &dst);
    } else {
        /* don't even try socks proxy */
        direct = 1;
    }

    if (direct) {
        h->socks->direct = 1;
        memcpy(&h->socks->bindAddr, sa, sizeof(struct sockaddr_in));
        rv = bind(h->fd, (struct sockaddr *)sa, salen);
        return rv;
    }
    h->socks->direct = 0;

    /* Find user */
#ifdef __bsdi__
    user = bsdi_cuserid(0);
#else
    user = cuserid(0);
#endif
    if (!user) {
        return -1;
    }

    /* Connect to sockd, then ask it to do the bind for us */
    rv = connect(h->fd, (struct sockaddr *)&daemon, sizeof(daemon));
    if (rv < 0) {
        return rv;
    }

    /* Send message to sockd */
    rv = SayHello(h, SOCKS_BIND, &dst, user);
    if (rv) {
        return rv;
    }

    /* Gather up bind response from sockd */
    rv = GetDst(h);
    if (rv == 0) {
        /* Done. A zero address in the reply means the daemon's own. */
        si->bindAddr.sin_family = AF_INET;
        si->bindAddr.sin_port = si->destPort;
        if (si->destHost == INADDR_ANY) {
            si->bindAddr.sin_addr.s_addr = daemon.sin_addr.s_addr;
        } else {
            si->bindAddr.sin_addr.s_addr = si->destHost;
        }
        si->didBind = 1;
    }
    return rv;
}

SSLHandle *
SSL_Dup(SSLHandle *h, int fd)
{
    SSLHandle *nh;

    /* Dup the descriptor and things in it */
    nh = ssl_NewHandle(fd, h->createFlags);

    /* Dup the socks structure */
    ssl_CopySocksInfo(nh, h);
    if (!nh->socks) {
        close(fd);
        return 0;
    }
    return nh;
}

SSLHandle *
SSL_Accept(SSLHandle *h, void *addr, int *addrlenp)
{
    SSLHandle *nh;
    int rv;
    SSLSocksInfo *si = h->socks;

    if (addr && (*addrlenp < sizeof(struct sockaddr_in))) {
        errno = EINVAL;
        return 0;
    }

    if (!si->didBind || si->direct) {
        /*
        ** If we didn't do the bind yet this call will generate an error
        ** and let the OS do the accept.
        */
        rv = accept(h->fd, (struct sockaddr *)addr, addrlenp);
        if (rv < 0) {
            return 0;
        }
        return SSL_Dup(h, rv);
    }

    /* Get next accept response from server */
    rv = GetDst(h);
    if (rv) {
        return 0;
    }

    /* Handshake finished. Give dest address back to caller */
    if (addr) {
        ((struct sockaddr_in *)addr)->sin_family = AF_INET;
        ((struct sockaddr_in *)addr)->sin_port = si->destPort;
        ((struct sockaddr_in *)addr)->sin_addr.s_addr = si->destHost;
        *addrlenp = sizeof(struct sockaddr_in);
    }

    /* Now dup the socket */
    rv = dup(h->fd);
    if (rv < 0) {
        return 0;
    }
    nh = SSL_Dup(h, rv);
    return nh;
}

int
SSL_Listen(SSLHandle *h, int backlog)
{
    if (!h->socks->didBind || h->socks->direct) {
        return (listen(h->fd, backlog));
    }
    return 0;
}

int
SSL_GetSockName(SSLHandle *h, void *name, int *namelenp)
{
    int rv;

    if (!h->socks->didBind || h->socks->direct) {
        rv = getsockname(h->fd, (struct sockaddr *)name, namelenp);
        return rv;
    }
    if (*namelenp < sizeof(struct sockaddr_in)) {
        errno = EINVAL;
        return -1;
    }
    memcpy(name, &h->socks->bindAddr, sizeof(struct sockaddr_in));
    *namelenp = sizeof(struct sockaddr_in);
    return 0;
}

int
SSL_HandleToFD(SSLHandle *h)
{
    return (h->fd);
}
** third party software and/or additional export restrictions. The SSL
** Implementation License Agreement grants you no rights to any such
** third party material.
*/
#include "ssl.h"
#include "ssllib.h"

/*
** DER encoded AlgorithmIdentifiers for md2WithRSAEncryption and
** md5WithRSAEncryption, compared against a certificate's signature
** algorithm field.
*/
static unsigned char md2_sig[] = {
    0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
    0x01, 0x01, 0x02, 0x05, 0x00
};

static unsigned char md5_sig[] = {
    0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
    0x01, 0x01, 0x04, 0x05, 0x00
};

/*
** DER encoded issuer names of the two certificate authorities this
** implementation knows about. The byte values are not legible in this
** copy of the listing.
*/
static unsigned char netscape_test_ca_name[] = {
    ...
};

static unsigned char rsa_secure_server_ca_name[] = {
    ...
};

static RSAPublicKey *netscape_test_ca_key;
static RSAPublicKey *rsa_secure_server_ca_key;

/*
** Build an RSAPublicKey from a modulus and exponent.
*/
static RSAPublicKey *CreatePublicKey(unsigned char const *n, int nlen,
                                     unsigned char const *e, int elen)
{
    RSAPublicKey *key;
    int rv = 0;

    key = (RSAPublicKey*) calloc(1, sizeof(RSAPublicKey));
    if (!key) {
        return 0;
    }
#ifdef BSAFE
    ...
#endif
    if (rv) {
        SSL_SetError(rv);
        free(key);
        return 0;
    }
    key->keybits = nlen * 8;
    return key;
}

/*
** Create the public key objects of the known issuers.
*/
static int SetupIssuers(void)
{
    netscape_test_ca_key = CreatePublicKey(...);
    rsa_secure_server_ca_key = CreatePublicKey(...);
    if (!netscape_test_ca_key || !rsa_secure_server_ca_key) {
        return -1;
    }
    return 0;
}

/*
** Decode a DER length at p. Short form and the two-byte long forms
** (0x81, 0x82) are handled; *lenlen receives the number of length bytes.
*/
static int GetLength(unsigned char const *p, int *lenlen)
{
    switch (p[0]) {
      case 0x81:
        *lenlen = 2;
        return p[1];

      case 0x82:
        *lenlen = 3;
        return (p[1] << 8) | p[2];

      default:
        break;
    }
    *lenlen = 1;
    return p[0];
}

/*
** Skip over one element of the expected tag, advancing *bodyp and
** reducing *bodylenp. Returns -1 on a tag or length mismatch.
*/
static int Skip(unsigned char const **bodyp, int *bodylenp, unsigned char tag)
{
    unsigned char const *body = *bodyp;
    int len, ll, bodylen = *bodylenp;

    if (body[0] != tag) {
        return -1;
    }
    len = GetLength(&body[1], &ll);
    if (len < 0) {
        return -1;
    }
    body = body + 1 + ll + len;
    bodylen = bodylen - 1 - ll - len;
    if (bodylen < 0) {
        return -1;
    }
    *bodyp = body;
    *bodylenp = bodylen;
    return 0;
}
/*
** Walk the certificate body to the issuer name and return the public key
** of the issuer if it is one we know about.
*/
static RSAPublicKey *FindIssuer(unsigned char const *body, int bodylen)
{
    unsigned char const *issuer;
    int len, ll;
    static int firstTime = 1;

    if (firstTime) {
        if (SetupIssuers() < 0) {
            return 0;
        }
        firstTime = 0;
    }

    if (body[0] != 0x30) {
        SSL_SetError(SSL_ERROR_BAD_CERT);
        return 0;
    }
    len = GetLength(&body[1], &ll);
    if (len < 0) {
        SSL_SetError(SSL_ERROR_BAD_CERT);
        return 0;
    }
    body = body + 1 + ll;
    bodylen = bodylen - 1 - ll;
    if (bodylen < 0) {
        SSL_SetError(SSL_ERROR_BAD_CERT);
        return 0;
    }

    if (Skip(&body, &bodylen, 0x02)) {      /* sn */
        SSL_SetError(SSL_ERROR_BAD_CERT);
        return 0;
    }
    if (Skip(&body, &bodylen, 0x30)) {      /* alg */
        SSL_SetError(SSL_ERROR_BAD_CERT);
        return 0;
    }

    if (body[0] != 0x30) {
        SSL_SetError(SSL_ERROR_BAD_CERT);
        return 0;
    }
    len = GetLength(&body[1], &ll);
    if (len < 0) {
        SSL_SetError(SSL_ERROR_BAD_CERT);
        return 0;
    }
    issuer = body + 1 + ll;
    bodylen = bodylen - 1 - ll - len;
    if (bodylen < 0) {
        SSL_SetError(SSL_ERROR_BAD_CERT);
        return 0;
    }

    /* Now see if we have heard of it */
    if ((len == sizeof(netscape_test_ca_name)) &&
        (memcmp(issuer, netscape_test_ca_name, len) == 0)) {
        return netscape_test_ca_key;
    }
    if ((len == sizeof(rsa_secure_server_ca_name)) &&
        (memcmp(issuer, rsa_secure_server_ca_name, len) == 0)) {
        return rsa_secure_server_ca_key;
    }
    SSL_SetError(SSL_ERROR_BAD_CERT);
    return 0;
}
/*
** Walk the certificate body to the SubjectPublicKeyInfo and build an
** RSAPublicKey from the modulus and exponent found there.
*/
static RSAPublicKey *ExtractPublicKey(unsigned char const *body, int bodylen)
{
    int len, ll, baselen, bslen, nlen, elen;
    unsigned char const *base, *n, *e;
    RSAPublicKey *pubKey;

    /* Strip the certificate body wrapper */
    if (body[0] != 0x30) {
        SSL_SetError(SSL_ERROR_BAD_CERT);
        return 0;
    }
    len = GetLength(&body[1], &ll);
    if (len < 0) {
        SSL_SetError(SSL_ERROR_BAD_CERT);
        return 0;
    }
    body = body + 1 + ll;
    bodylen = bodylen - 1 - ll;
    if (bodylen < 0) {
        SSL_SetError(SSL_ERROR_BAD_CERT);
        return 0;
    }

    if (Skip(&body, &bodylen, 0x02)) {      /* sn */
        SSL_SetError(SSL_ERROR_BAD_CERT);
        return 0;
    }
    if (Skip(&body, &bodylen, 0x30)) {      /* alg info */
        SSL_SetError(SSL_ERROR_BAD_CERT);
        return 0;
    }
    if (Skip(&body, &bodylen, 0x30)) {      /* issuer */
        SSL_SetError(SSL_ERROR_BAD_CERT);
        return 0;
    }
    if (Skip(&body, &bodylen, 0x30)) {      /* validity */
        SSL_SetError(SSL_ERROR_BAD_CERT);
        return 0;
    }
    if (Skip(&body, &bodylen, 0x30)) {      /* subject */
        SSL_SetError(SSL_ERROR_BAD_CERT);
        return 0;
    }

    /* SubjectPublicKeyInfo */
    if (body[0] != 0x30) {
        SSL_SetError(SSL_ERROR_BAD_CERT);
        return 0;
    }
    baselen = GetLength(&body[1], &ll);
    if (baselen < 0) {
        SSL_SetError(SSL_ERROR_BAD_CERT);
        return 0;
    }
    base = body + 1 + ll;
    bodylen = bodylen - 1 - ll - baselen;
    if (bodylen < 0) {
        SSL_SetError(SSL_ERROR_BAD_CERT);
        return 0;
    }

    if (Skip(&base, &baselen, 0x30)) {      /* alg info */
        SSL_SetError(SSL_ERROR_BAD_CERT);
        return 0;
    }

    /* BIT STRING holding the RSAPublicKey; first content byte is the
    ** unused-bits count and must be zero */
    if (base[0] != 0x03) {
        SSL_SetError(SSL_ERROR_BAD_CERT);
        return 0;
    }
    bslen = GetLength(&base[1], &ll);
    if (bslen < 0) {
        SSL_SetError(SSL_ERROR_BAD_CERT);
        return 0;
    }
    base = base + 1 + ll;
    if (base[0] != 0x00) {
        SSL_SetError(SSL_ERROR_BAD_CERT);
        return 0;
    }
    base++;
    bslen--;

    if (base[0] != 0x30) {
        SSL_SetError(SSL_ERROR_BAD_CERT);
        return 0;
    }
    len = GetLength(&base[1], &ll);
    if (len < 0) {
        SSL_SetError(SSL_ERROR_BAD_CERT);
        return 0;
    }
    base = base + 1 + ll;

    /* Capture public key info: modulus then exponent */
    if (base[0] != 0x02) {
        SSL_SetError(SSL_ERROR_BAD_CERT);
        return 0;
    }
    nlen = GetLength(&base[1], &ll);
    if (nlen < 0) {
        SSL_SetError(SSL_ERROR_BAD_CERT);
        return 0;
    }
    n = base + 1 + ll;
    base = n + nlen;

    if (base[0] != 0x02) {
        SSL_SetError(SSL_ERROR_BAD_CERT);
        return 0;
    }
    elen = GetLength(&base[1], &ll);
    if (elen < 0) {
        SSL_SetError(SSL_ERROR_BAD_CERT);
        return 0;
    }
    e = base + 1 + ll;

    /* Drop the leading zero that keeps a large modulus positive */
    if (n[0] == 0x00) {
        n++;
        nlen--;
    }

    pubKey = CreatePublicKey(n, nlen, e, elen);
    return pubKey;
}

/*
** Search one RDN (a SET OF AttributeTypeAndValue) for the given attribute
** type. Returns a malloc'd, NUL terminated copy of the value, or 0.
*/
unsigned char *
FindAttrInRDN(unsigned char const *rdn,
              int rdnlen,
              unsigned char const *attrtype,
              int typelen)
{
    int avalen, ll;
    unsigned const char *ava;
    int len, checklen, vallen;
    unsigned const char *type, *val;
    unsigned char *retval;

    while (rdnlen > 0) {
        if (rdn[0] != 0x30) {    /* start of an AVA (SEQUENCE OF {type, value}) */
            SSL_SetError(SSL_ERROR_BAD_CERT);
            return 0;
        }
        avalen = GetLength(&rdn[1], &ll);
        rdnlen = rdnlen - 1 - ll - avalen;
        if (rdnlen < 0) {
            SSL_SetError(SSL_ERROR_BAD_CERT);
            return 0;
        }
        ava = rdn + 1 + ll;
        rdn = ava + avalen;

        if (ava[0] != 0x6) {     /* object id of attr type */
            SSL_SetError(SSL_ERROR_BAD_CERT);
            return 0;
        }
        len = GetLength(&ava[1], &ll);
        if (len == typelen) {
            type = ava + 1 + ll;
            checklen = avalen - 1 - ll - typelen;
            if (memcmp(attrtype, type, len) == 0) {
                /* match found */
                val = type + typelen;
                if (val[0] != 0x13) {    /* value is printable string */
                    SSL_SetError(SSL_ERROR_BAD_CERT);
                    return 0;
                }
                vallen = GetLength(&val[1], &ll);
                val = val + 1 + ll;
                checklen = checklen - 1 - ll - vallen;
                if (checklen != 0) {
                    SSL_SetError(SSL_ERROR_BAD_CERT);
                    return 0;
                }

                /* malloc space for the value string and copy it */
                retval = (unsigned char *)calloc(1, vallen+1);
                if (retval) {
                    memcpy(retval, val, vallen);
                    retval[vallen] = 0;
                }
                return (retval);
            }
        }
    }
    return 0;
}

/*
** Search a Name (a SEQUENCE OF RDN) for the given attribute type.
*/
unsigned char *
FindAttrInName(unsigned char const *name,
               int namelen,
               unsigned char const *attrtype,
               int typelen)
{
    int ll;
    int rdnlen;
    unsigned const char *rdn;
    unsigned char *value;

    while (namelen > 0) {
        if (name[0] != 0x31) {    /* start of an RDN (SET OF AVA) */
            SSL_SetError(SSL_ERROR_BAD_CERT);
            return 0;
        }
        rdnlen = GetLength(&name[1], &ll);
        namelen = namelen - 1 - ll - rdnlen;
        if (namelen < 0) {
            SSL_SetError(SSL_ERROR_BAD_CERT);
            return 0;
        }
        rdn = name + 1 + ll;
        name = rdn + rdnlen;

        value = FindAttrInRDN(rdn, rdnlen, attrtype, typelen);
        if (value) {
            return (value);
        }
    }
    return 0;
}
/* Object identifier of the X.520 commonName attribute (2.5.4.3) */
static unsigned char const commonName[] = { 0x55, 0x4, 0x3 };

/*
** Return the subject's common name from a DER encoded certificate.
*/
char *X509_FindSubject(unsigned char const *cert, int certlen)
{
    int subjlen, len, ll, bodylen, outerlen;
    unsigned char const *body;
    unsigned char *cname;

    /* Strip off outer wrapping */
    if (cert[0] != 0x30) {
        SSL_SetError(SSL_ERROR_BAD_CERT);
        return 0;
    }
    outerlen = GetLength(&cert[1], &ll);
    if (outerlen < 0) {
        SSL_SetError(SSL_ERROR_BAD_CERT);
        return 0;
    }
    cert = cert + 1 + ll;
    certlen = certlen - 1 - ll;
    if (certlen < 0) {
        SSL_SetError(SSL_ERROR_BAD_CERT);
        return 0;
    }

    /* Find the certificate body */
    if (cert[0] != 0x30) {
        SSL_SetError(SSL_ERROR_BAD_CERT);
        return 0;
    }
    bodylen = GetLength(&cert[1], &ll);
    if (bodylen < 0) {
        SSL_SetError(SSL_ERROR_BAD_CERT);
        return 0;
    }
    body = cert;
    bodylen = 1 + ll + bodylen;
    cert = cert + bodylen;
    certlen = certlen - bodylen;
    if (certlen < 0) {
        SSL_SetError(SSL_ERROR_BAD_CERT);
        return 0;
    }

    /* Skip to subject */
    if (body[0] != 0x30) {
        SSL_SetError(SSL_ERROR_BAD_CERT);
        return 0;
    }
    len = GetLength(&body[1], &ll);
    if (len < 0) {
        SSL_SetError(SSL_ERROR_BAD_CERT);
        return 0;
    }
    body = body + 1 + ll;
    bodylen = bodylen - 1 - ll;
    if (bodylen < 0) {
        SSL_SetError(SSL_ERROR_BAD_CERT);
        return 0;
    }

    if (Skip(&body, &bodylen, 0x02)) {      /* sn */
        SSL_SetError(SSL_ERROR_BAD_CERT);
        return 0;
    }
    if (Skip(&body, &bodylen, 0x30)) {      /* sig alg */
        SSL_SetError(SSL_ERROR_BAD_CERT);
        return 0;
    }
    if (Skip(&body, &bodylen, 0x30)) {      /* issuer */
        SSL_SetError(SSL_ERROR_BAD_CERT);
        return 0;
    }
    if (Skip(&body, &bodylen, 0x30)) {      /* validity */
        SSL_SetError(SSL_ERROR_BAD_CERT);
        return 0;
    }

    /* we should be at the subject field now */
    if (body[0] != 0x30) {
        SSL_SetError(SSL_ERROR_BAD_CERT);
        return 0;
    }
    subjlen = GetLength(&body[1], &ll);
    body = body + 1 + ll;
    bodylen = bodylen - 1 - ll;
    if ((bodylen < 0) || (bodylen < subjlen)) {
        SSL_SetError(SSL_ERROR_BAD_CERT);
        return 0;
    }

    cname = FindAttrInName(body, subjlen, commonName, sizeof(commonName));
    return (char *)cname;
}

char *
SSL_GetPeerCommonName(SSLHandle *h)
{
    if (!h->peerCert) {
        return 0;
    }
    return X509_FindSubject(h->peerCert, h->peerCertLen);
}
int X509_CheckCert(SSLHandle *h, unsigned char const *cert, int certlen)
{
    unsigned char const *body, *alg, *sig;
    int bodylen, alglen, siglen, ll, outerlen;
    RSAPublicKey *pubKey;

    /* Strip off outer wrapping */
    if (cert[0] != 0x30) return SSL_SetError(SSL_ERROR_BAD_CERT);
    outerlen = GetLength(&cert[1], &ll);
    if (outerlen < 0) return SSL_SetError(SSL_ERROR_BAD_CERT);
    cert = cert + 1 + ll;
    certlen = certlen - 1 - ll;
    if (certlen < 0) return SSL_SetError(SSL_ERROR_BAD_CERT);

    /* Find the certificate body */
    if (cert[0] != 0x30) return SSL_SetError(SSL_ERROR_BAD_CERT);
    bodylen = GetLength(&cert[1], &ll);
    if (bodylen < 0) return SSL_SetError(SSL_ERROR_BAD_CERT);
    body = cert;
    bodylen = 1 + ll + bodylen;          /* the signed body includes its own tag and length */
    cert = cert + bodylen;
    certlen = certlen - bodylen;
    if (certlen < 0) return SSL_SetError(SSL_ERROR_BAD_CERT);

    /* Find the algorithm info */
    if (cert[0] != 0x30) return SSL_SetError(SSL_ERROR_BAD_CERT);
    alglen = GetLength(&cert[1], &ll);
    if (alglen < 0) return SSL_SetError(SSL_ERROR_BAD_CERT);
    alg = cert;
    alglen = 1 + ll + alglen;
    cert = cert + alglen;
    certlen = certlen - alglen;
    if (certlen < 0) return SSL_SetError(SSL_ERROR_BAD_CERT);

    /* Find the signature */
    if (cert[0] != 0x03) return SSL_SetError(SSL_ERROR_BAD_CERT);
    siglen = GetLength(&cert[1], &ll);
    if (siglen < 0) return SSL_SetError(SSL_ERROR_BAD_CERT);
    sig = cert + 1 + ll;
    certlen = certlen - 1 - ll - siglen;
    if (certlen < 0) return SSL_SetError(SSL_ERROR_BAD_CERT);
    if (sig[0] != 0x00) return SSL_SetError(SSL_ERROR_BAD_CERT);   /* BIT STRING unused-bits byte */
    sig++; siglen--;

    /* See if we know the certificate issuer */
    pubKey = FindIssuer(body, bodylen);
    if (!pubKey) return SSL_SetError(SSL_ERROR_BAD_CERT);

    /*
     * Next, check the signature. First figure out what kind of hash
     * function was used by examining the alginfo.
     */
    if (/* illegible in source */) {
        /* illegible in source */
    } else if (/* illegible in source */) {
        /* illegible in source */
    } else
        return SSL_SetError(SSL_ERROR_BAD_CERT);
    return SSL_SetError(SSL_ERROR_BAD_CERT_SIG);

    /* XXX no validity checking yet */

    /* Extract public key and put into h */
    pubKey = ExtractPublicKey(body, bodylen);
    if (!pubKey) return SSL_SetError(SSL_ERROR_BAD_CERT);

    h->pubKey = pubKey;
    return 0;
}
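As an added example (not the patent's or the SSLRef code above), here is a bounds-checked reconstruction of the GetLength and Skip helpers the two routines above call, plus the subject-locating walk, assuming the v1 TBSCertificate layout the code expects (serialNumber first). Unlike the listing, every length is checked against the bytes actually remaining before any pointer is advanced, so truncated, indefinite-length or oversized encodings are rejected instead of read past the buffer.

```c
#include <stddef.h>
/* Decode the DER length at p (the byte after the tag) with `avail` bytes left.
 * Returns the content length and the number of length bytes in *ll, or -1 for
 * indefinite (0x80), oversized or truncated encodings. */
int GetLength(const unsigned char *p, int avail, int *ll)
{
    unsigned long v = 0;
    int n, i;
    if (avail < 1) return -1;
    if (p[0] < 0x80) { *ll = 1; return p[0]; }       /* short form */
    n = p[0] & 0x7f;                                  /* long form: n length bytes */
    if (n == 0 || n > 4 || avail < 1 + n) return -1;
    for (i = 1; i <= n; i++) v = (v << 8) | p[i];
    if (v > 0x7fffffffUL) return -1;
    *ll = 1 + n;
    return (int)v;
}

/* Skip one element that must carry `tag`, advancing *body and shrinking
 * *bodylen; nonzero if the tag, length or bounds are bad. */
int Skip(const unsigned char **body, int *bodylen, int tag)
{
    int len, ll;
    if (*bodylen < 1 || (*body)[0] != tag) return -1;
    len = GetLength(*body + 1, *bodylen - 1, &ll);
    if (len < 0 || len > *bodylen - 1 - ll) return -1;  /* must fit in the buffer */
    *body += 1 + ll + len;
    *bodylen -= 1 + ll + len;
    return 0;
}

/* Walk a v1 TBSCertificate as the routine above does: unwrap the SEQUENCE, skip
 * serialNumber, signature algorithm, issuer and validity, then return the
 * subject's contents (length in *subjlen) or NULL on any error. */
const unsigned char *FindSubject(const unsigned char *body, int bodylen, int *subjlen)
{
    int len, ll;
    if (bodylen < 1 || body[0] != 0x30) return NULL;
    len = GetLength(&body[1], bodylen - 1, &ll);
    if (len < 0 || len > bodylen - 1 - ll) return NULL;  /* outer length must fit */
    body += 1 + ll;
    bodylen = len;                     /* never trust bytes past the declared length */
    if (Skip(&body, &bodylen, 0x02) || Skip(&body, &bodylen, 0x30) ||
        Skip(&body, &bodylen, 0x30) || Skip(&body, &bodylen, 0x30))
        return NULL;
    if (bodylen < 1 || body[0] != 0x30) return NULL;
    len = GetLength(&body[1], bodylen - 1, &ll);
    if (len < 0 || len > bodylen - 1 - ll) return NULL;
    *subjlen = len;
    return body + 1 + ll;
}
```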
/*
** Copyright (c) 1995 Netscape Communications Corporation. All rights
** reserved. The use of this Secure Sockets Layer Reference
** Implementation (the "Software") is governed by the terms of the SSL
** Reference Implementation License Agreement. Please read the
** accompanying "License" file for a description of the rights granted.
** Any other third party materials you use with this Software may be
** subject to additional license restrictions from the licensors of such
** third party software and/or additional export restrictions. The SSL
** Reference Implementation License Agreement grants you no rights to any such
** third party material.
*/

#ifdef BSAFE

#include "sslcfg.h"
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Standard implementation of the T_ functions for BSAFE2 assuming a
 */

void T_free(POINTER block)
{
    if (block != NULL_PTR)
        free(block);
}

POINTER T_malloc(unsigned int len)
{
    return (POINTER) malloc(len ? len : 1);
}

int T_memcmp(POINTER firstBlock, POINTER secondBlock, unsigned int len)
{
    if (len == 0)
        return 0;
    return memcmp(firstBlock, secondBlock, len);
}

void T_memcpy(POINTER output, POINTER input, unsigned int len)
{
    if (len != 0)
        memcpy(output, input, len);
}

void T_memmove(POINTER output, POINTER input, unsigned int len)
{
    if (len != 0)
        memmove(output, input, len);
}

void T_memset(POINTER output, int value, unsigned int len)
{
    if (len != 0)
        memset(output, value, len);
}

POINTER T_realloc(POINTER block, unsigned int len)
{
    POINTER rv;

    if (block == NULL_PTR)
        return (POINTER) malloc(len ? len : 1);
    rv = (POINTER) realloc(block, len ? len : 1);
    if (rv == NULL_PTR)
        free(block);        /* the old block is released when the resize fails */
    return rv;
}

#endif /* BSAFE */
What is claimed is:

1. A computer program product comprising:

a computer useable medium having computer readable program code means embodied therein for encrypting and decrypting information transferred over a network between a client application program running in a client computer and a server application program running in a server computer, the computer readable program code means in the computer program product comprising:
    computer readable program code means for providing a socket application program interface to an application layer program;
    computer readable program code means for providing encrypted information to transport protocol layer services;
    computer readable program code means for encrypting information received from an application layer program; and
    computer readable program code means for decrypting information received from transport protocol layer services.

2. A computer network that encrypts and decrypts information transferred over the network, comprising:

    a client computer that runs a client application program;
    a server computer that runs a server application program;
    means for providing a socket application program interface to an application layer program;
    means for providing encrypted information to transport protocol layer services;
    means for encrypting information received from an application layer program; and
    means for decrypting information received from transport protocol layer services.

3. A method of encrypting and decrypting information transferred over a network between a client application program running in a client computer and a server application program running in a server computer, the method comprising:

    providing a socket application program interface to an application layer program;
    providing encrypted information to transport protocol layer services;
    encrypting information received from an application layer program; and
    decrypting information received from transport protocol layer services.